IBM Security's portfolio of QRadar® integrations is continuously growing. This week, our team has made yet another important addition—Red Hat® OpenShift®—to support collection of auditing and infrastructure events from a Red Hat OpenShift cluster.
What
Red Hat OpenShift simplifies deployment and management of a hybrid infrastructure, giving developers and IT operators the flexibility to have a self-managed or fully managed service, running on-premise or in cloud and hybrid environments.
Why
Having visibility into activity in your security environment allows you to better protect it. IBM Security Red Hat OpenShift DSM allows for application and security monitoring, giving you access to user login authentication information in the audit and infrastructure logs. Audit log provides a security-relevant chronological set of records documenting the sequence of activities that have affected system by individual users, administrators, and other components of the system.
On the screenshot below, we can see the Log Activity tab, detailing automatic discovery of a log source.
How
To integrate Red Hat OpenShift with QRadar, complete the following steps, detailed in IBM Security DSM Guide:
- If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM support website.
- DSM Common RPM
- Kubernetes Auditing DSM RPM
- IBM Red Hat OpenShift DSM RPM
- Configure Red Hat OpenShift to forward events to QRadar. See Configuring Red Hat OpenShift to communicate with QRadar.
- If QRadar does not automatically detect the log source, add a log source on the QRadar Console. See IBM Red Hat OpenShift Syslog log source parameters.
For more information about adding a log source, see Adding a log source.
Our team has worked diligently to deliver this new functionality, with Vaibhav Gupta and Dane Frenette successfully leading the process from start to finish.
We hope this new functionality makes a difference in helping you secure your organization.