IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  CrowdStrike Falcon FileVantage logs to QRadar

    Posted Fri June 07, 2024 07:31 AM

    Hi all, 

    Does anyone know if it is possible to send CrowdStrike Falcon FileVantage logs to QRadar?

    Best Regards. 



    ------------------------------
    Edgar Faria
    ------------------------------


  • 2.  RE: CrowdStrike Falcon FileVantage logs to QRadar

    Posted Fri July 05, 2024 08:49 AM
    Edited by Comghall Morgan Fri July 05, 2024 08:49 AM

    Hello,

    I do not see any current support for this at present:
    As per the DSM guides:
    https://www.ibm.com/docs/en/dsm?topic=configuration-qradar-supported-dsms

    When a device is not officially supported, you have the following options:

    • Open a request for enhancement (Now IBM Ideas) to have your device become officially supported.

    Go to the QRadar SIEM RFE page (https://ibm.biz/BdRPx5).

    You can follow the technote as well.

    https://www.ibm.com/support/pages/qradar-requesting-new-features-ibm-ideas
    raising the idea under 'QRadar Integrations - Device Support Modules (DSMs), Scanners, Rules, and Reports'

    Regards,



    ------------------------------
    Comghall Morgan
    QRadar Support Architect
    IBM
    ------------------------------