IBM QRadar


Bomgar /BeyondTrust Remote Support logs

  • 1.  Bomgar /BeyondTrust Remote Support logs

    Posted Wed June 09, 2021 03:12 PM

    Need to get both syslogs and session logs from a Bomgar/BeyondTrust Remote Support appliance server. The only BT DSM that I can find is for PowerBroker. Will this work for the Report Support logs, or do I need to roll a custom DSM?





  • 2.  RE: Bomgar /BeyondTrust Remote Support logs

    Posted Thu June 10, 2021 09:09 AM

    PowerBroker logs in a multi-line format and it also requires additional configuration (configuration of a script file) at the BT appliance end so that QRadar can recognize the events.

    I would suggest that you write a custom DSM for a different appliance type because I believe the payload would be completely different and using an existing DSM which is written for a different appliance will not make any sense. It may also introduce a performance impact on the event pipeline.


