The Log Activity tab in the IBM QRadar console displays real-time information about the data that is transferred from the Data Connector to the IBM QRadar console.
When you click on a specific log event, it displays detailed information about the respective event as shown in the figure below.
Configuring the IBM QRadar Console to receive data
You must configure a log source on the IBM QRadar console to receive DNS queries and responses from the Data Connector.
- Log in to the IBM QRadar console.
- Click the Admin tab, click Data Sources -> Events, and click Log Sources.
- Click Add to define a new log source. In the Log Sources screen, specify the necessary details.
Ensure that you specify the following:
- Log Source Name: Enter a name for the log source.
- Log Source Description: You can specify additional details about the log source.
- Log Source Type: Select Universal Leef from the drop-down list. Infoblox supports Universal Leef syslog format for IBM QRadar.
- Protocol Configuration: Select TLS Syslog from the drop-down list to use the TLS encryption protocol for syslog.
- Log Source Identifier: Enter the same IP address that you specified when configuring the destination in the Data Connector.
- TLS Listen Port: Enter the same port number that you specified when configuring the destination in the Data Connector.
- Authentication Mode: Select TLS from the drop-down list to use the TLS encryption protocol for authentication.
- Certificate Type: Select Generate Certificate from the drop-down list. TLS uses certificates to encrypt and authenticate data transfer.
- Enable the log source when ready.
- Add the log source to the groups.
- Click Deploy Changes for the new log source addition to take effect.
- Click Save.
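Once the changes are deployed, a check run from a host on the Data Connector's network can confirm that the TLS Listen Port completes a handshake and show which certificate the listener presents. This is an added example, not part of the Infoblox or IBM documentation. It assumes the generated certificate is not issued by a CA the client already trusts, so it compares a SHA-256 fingerprint that you recorded from the certificate on the QRadar side instead of validating a chain; the host, port and fingerprint arguments are placeholders you supply.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def pin_matches(der: bytes, expected: str) -> bool:
    """Accept pins written as 'AA:BB:...' or 'aabb...'; compare in constant time."""
    normalized = expected.replace(":", "").replace(" ", "").lower()
    return hmac.compare_digest(cert_fingerprint(der).encode(), normalized.encode())


def probe_listener(host: str, port: int, expected_pin: str, timeout: float = 5.0) -> dict:
    """Handshake with the TLS syslog listener and report what it presented."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Chain validation is off because the listener's certificate is assumed to be
    # locally generated; the trust decision is the fingerprint comparison below.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {
                "tls_version": tls.version(),
                "cipher": tls.cipher()[0],
                "sha256": cert_fingerprint(der),
                "pin_ok": pin_matches(der, expected_pin),
            }


if __name__ == "__main__":
    # Usage: python check_listener.py <qradar-host> <tls-listen-port> <expected-sha256>
    host, port, pin = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    try:
        result = probe_listener(host, port, pin)
    except (OSError, ssl.SSLError) as exc:
        sys.exit(f"listener not reachable or handshake failed: {exc}")
    print(result)
    sys.exit(0 if result["pin_ok"] else 1)
```

A failed connection points at the port number or a firewall between the two hosts; a fingerprint mismatch means the endpoint answering on that port is not presenting the certificate you recorded.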
For more information, refer to the IBM QRadar documentation.