IBM QRadar

Unified Application Security: VMware Avi Logs Now Seamlessly integrated in IBM QRadar

By ASHISH KOTHEKAR posted 6 days ago


As part of IBM QRadar’s ongoing commitment to integrating with the most widely adopted security technologies, we’re excited to announce native support for VMware Avi WAF and Load Balancer—a powerful addition to your security operations arsenal.

Why This Matters

Following Broadcom’s acquisition of VMware in 2023, the Avi platform has seen rapid adoption across enterprise environments. Known for its high-performance load balancing and robust web application firewall (WAF) capabilities, Avi is now even more impactful when integrated with IBM QRadar SIEM.

This integration enables real-time visibility into application-layer events, helping security teams detect and respond to threats faster and more effectively.

What’s Included in the Integration?

  • Syslog-based log forwarding from Avi to QRadar—simple to configure and highly reliable.

  • DSM (Device Support Module) support for parsing both IPv4 and IPv6 log data.


How to configure?


On the Avi side: enable log streaming.

Setting up log streaming via CLI


===============================================================
[admin:node-1]: > configure analyticsprofile streaming-profile
[admin:node-1]: analyticsprofile> client_log_streaming_config
[admin:node-1]: analyticsprofile:client_log_streaming_config> external_server 10.10.25.200
[admin:node-1]: analyticsprofile:client_log_streaming_config> log_types_to_send logs_significant_only
[admin:node-1]: analyticsprofile:client_log_streaming_config> max_logs_per_second 20
[admin:node-1]: analyticsprofile:client_log_streaming_config> save
[admin:node-1]: analyticsprofile> save
+------------------------------+------------------------+
| Field                        | Value                  |
+------------------------------+------------------------+
...
Many lines intentionally left out
...
| client_log_streaming_config  |                        |
| external_server              | 10.10.25.200           |
| external_server_port         | 514                    |
| log_types_to_send            | LOGS_SIGNIFICANT_ONLY  |
| max_logs_per_second          | 20                     |
+------------------------------+------------------------+
[admin:node-1]: >
===============================================================

On the QRadar side: create a VMware Avi WAF Load Balancer log source. The protocol configuration details are shown below.



This integration provides insight and detection across a range of use cases. Note that QRadar already ships rules supporting use cases such as:

  • Detecting WAF rule violations across multiple applications

  • Monitoring load balancer health and traffic anomalies

  • Correlating application-layer attacks with network or endpoint events

  • Generating alerts for high-severity WAF events or DDoS attempts
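To make the DSM parsing point (IPv4 and IPv6 client addresses) and the four use cases above concrete, here is an added example written for this post; it is not QRadar or Avi code and not part of the original article. It assumes a syslog line shaped as "<PRI>timestamp host avi: {json}" with JSON fields named virtualservice, client_ip, response_code and waf_log (an assumption made for illustration; the real Avi field names may differ), and it runs offline over a handful of constructed sample lines, including one deliberately malformed line to show that a parser should drop rather than crash on it.

```python
"""Toy detection pass over Avi-style syslog records (constructed sample data).

Assumptions, not taken from the article or from Avi documentation:
  - framing is "<PRI>ISO-timestamp host avi: {json}"
  - JSON fields: virtualservice, client_ip, uri_path, response_code,
    significant, waf_log{status, rule_groups[{rules[{rule_id, msg}]}]}
"""
import ipaddress
import json
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines (IPs are documentation ranges; rule ids/messages are
# placeholders in the style of CRS alerts, not captured from a real system).
SAMPLE_LINES = [
    '<134>2024-05-01T10:00:01Z se1 avi: {"virtualservice":"vs-shop","client_ip":"203.0.113.10","uri_path":"/","response_code":200,"significant":0}',
    '<134>2024-05-01T10:00:02Z se1 avi: {"virtualservice":"vs-shop","client_ip":"203.0.113.20","uri_path":"/search","response_code":403,"significant":1,"waf_log":{"status":"REJECTED","rule_groups":[{"rules":[{"rule_id":942100,"msg":"SQL Injection Attack Detected"}]}]}}',
    '<134>2024-05-01T10:00:03Z se1 avi: {"virtualservice":"vs-api","client_ip":"203.0.113.20","uri_path":"/v1/users","response_code":403,"significant":1,"waf_log":{"status":"REJECTED","rule_groups":[{"rules":[{"rule_id":941100,"msg":"XSS Attack Detected"}]}]}}',
    '<134>2024-05-01T10:00:04Z se1 avi: {"virtualservice":"vs-api","client_ip":"203.0.113.30","uri_path":"/v1/users","response_code":503,"significant":1}',
    '<134>2024-05-01T10:00:04Z se1 avi: {"virtualservice":"vs-api","client_ip":"203.0.113.30","uri_path":"/v1/users","response_code":503,"significant":1}',
    '<134>2024-05-01T10:00:05Z se1 avi: not-json garbage line',
    '<134>2024-05-01T10:00:06Z se1 avi: {"virtualservice":"vs-shop","client_ip":"2001:db8::5","uri_path":"/","response_code":200,"significant":0}',
] + [
    # 30 requests from one source inside 30 seconds: a burst to be flagged.
    '<134>2024-05-01T10:00:%02dZ se1 avi: {"virtualservice":"vs-shop","client_ip":"198.51.100.7","uri_path":"/","response_code":200,"significant":0}' % s
    for s in range(10, 40)
]

LINE_RE = re.compile(r'^<(\d{1,3})>(\S+) (\S+) avi: (.*)$')


def parse_line(line):
    """Split syslog framing from the JSON body; return None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        body = json.loads(m.group(4))
    except json.JSONDecodeError:
        return None  # malformed payload: drop it instead of aborting the batch
    body["_ts"] = datetime.strptime(m.group(2), "%Y-%m-%dT%H:%M:%SZ")
    body["_host"] = m.group(3)
    return body


def parse_all(lines):
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def client_families(records):
    """DSM point: count IPv4 vs IPv6 client addresses (keys 4 and 6)."""
    return Counter(ipaddress.ip_address(r["client_ip"]).version for r in records)


def waf_violations(records):
    """Use case 1: every WAF rule hit as (virtualservice, client_ip, rule_id, msg)."""
    hits = []
    for r in records:
        waf = r.get("waf_log")
        if not waf or waf.get("status") not in ("REJECTED", "FLAGGED"):
            continue
        for group in waf.get("rule_groups", []):
            for rule in group.get("rules", []):
                hits.append((r["virtualservice"], r["client_ip"], rule.get("rule_id"), rule.get("msg")))
    return hits


def clients_hitting_multiple_apps(records):
    """Use cases 1 and 3: sources whose WAF violations span more than one application."""
    apps = defaultdict(set)
    for vs, ip, _, _ in waf_violations(records):
        apps[ip].add(vs)
    return {ip: sorted(v) for ip, v in apps.items() if len(v) > 1}


def backend_error_ratio(records):
    """Use case 2: share of 5xx responses per virtual service as a health indicator."""
    total, errors = Counter(), Counter()
    for r in records:
        total[r["virtualservice"]] += 1
        if 500 <= r.get("response_code", 0) < 600:
            errors[r["virtualservice"]] += 1
    return {vs: errors[vs] / total[vs] for vs in total}


def burst_sources(records, window_seconds=60, threshold=25):
    """Use case 4: client IPs exceeding `threshold` requests inside any sliding window."""
    by_ip = defaultdict(list)
    for r in records:
        by_ip[r["client_ip"]].append(r["_ts"])
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while (ts - stamps[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


if __name__ == "__main__":
    recs = parse_all(SAMPLE_LINES)
    print("parsed:", len(recs), "address families:", dict(client_families(recs)))
    print("WAF hits:", waf_violations(recs))
    print("multi-app offenders:", clients_hitting_multiple_apps(recs))
    print("5xx ratio:", backend_error_ratio(recs))
    print("burst sources:", burst_sources(recs))
```

The thresholds (25 requests per 60 seconds, 5xx ratio) are deliberately simple stand-ins for the tuning a real QRadar rule would carry; the point is that once the DSM has normalised the fields, each of the four use cases is a short aggregation over the same event stream, and the malformed line shows why the parser returns None rather than raising.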



Already using VMware Avi and IBM QRadar? This integration is a no-brainer. If not, now’s the perfect time to explore how this powerful combination can elevate your security posture.

Link for documentation -
QRadar-AVI Integration


If you have any comments/suggestions/observations, please share with ashish.kothekar@in.ibm.com 


