Security Monitoring with IBM Red Hat OpenShift and IBM Security QRadar SIEM

By Olga Hout posted Fri March 31, 2023 10:26 AM


IBM Security's portfolio of QRadar® integrations is continuously growing. This week, our team has made yet another important addition—Red Hat® OpenShift®—to support collection of auditing and infrastructure events from a Red Hat OpenShift cluster.


Red Hat OpenShift simplifies deployment and management of a hybrid infrastructure, giving developers and IT operators the flexibility to have a self-managed or fully managed service, running on-premises or in cloud and hybrid environments.


Having visibility into activity in your security environment allows you to better protect it. The IBM Security Red Hat OpenShift DSM allows for application and security monitoring, giving you access to user login authentication information in the audit and infrastructure logs. The audit log provides a security-relevant, chronological set of records documenting the sequence of activities that have affected the system, whether carried out by individual users, administrators, or other components of the system.

In the screenshot below, we can see the Log Activity tab, detailing automatic discovery of a log source.

This tab gives you a view of the event normalization and the payload information.

The tab shows a Red Hat OpenShift log source collecting events. This log source was created using Traffic Analytics.

And this is the detailed view of a single Red Hat OpenShift event, covering infrastructure.
It shows the event normalization and the payload information.


To integrate Red Hat OpenShift with QRadar, complete the following steps, detailed in the IBM Security DSM Guide:

  1. If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM support website.
    • DSM Common RPM
    • Kubernetes Auditing DSM RPM
    • IBM Red Hat OpenShift DSM RPM
  2. Configure Red Hat OpenShift to forward events to QRadar. See Configuring Red Hat OpenShift to communicate with QRadar.

  3. If QRadar does not automatically detect the log source, add a log source on the QRadar Console. See IBM Red Hat OpenShift Syslog log source parameters.

    For more information about adding a log source, see Adding a log source.
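
As an illustration of step 2, here is a sketch of a forwarding configuration. It is an added example, not taken from this post or from the DSM Guide. It assumes the OpenShift Logging operator's `ClusterLogForwarder` API (`logging.openshift.io/v1`, Logging 5.x); the output name, pipeline name, host placeholder and port are assumptions to replace with your own values.

```yaml
# Added example (not from the DSM Guide): forward audit and infrastructure
# logs from the cluster to a syslog receiver such as a QRadar event collector.
# Assumes the OpenShift Logging operator (5.x) is installed.
apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance                 # name expected by the Logging 5.x operator
  namespace: openshift-logging
spec:
  outputs:
    - name: qradar-syslog        # hypothetical output name
      type: syslog
      syslog:
        rfc: RFC5424             # structured syslog header
        facility: local0
        severity: informational
      # Placeholder address: replace with your QRadar event collector.
      # Port 514 is the conventional syslog port and is an assumption here.
      # The forwarder also accepts tls:// URLs with a referenced secret,
      # which keeps audit records from crossing the network in clear text
      # when the receiver has a TLS listener configured.
      url: "tcp://<QRADAR_EVENT_COLLECTOR>:514"
  pipelines:
    - name: audit-and-infra-to-qradar   # hypothetical pipeline name
      inputRefs:
        - audit                  # API server, OAuth and node audit records
        - infrastructure         # platform component and node logs
      outputRefs:
        - qradar-syslog
```

After the resource is applied, the Log Activity tab in QRadar is the place to confirm that events from the cluster are arriving and that the log source was discovered, as described in step 3.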

Our team has worked diligently to deliver this new functionality, with Vaibhav Gupta and Dane Frenette successfully leading the process from start to finish.

We hope this new functionality makes a difference in helping you secure your organization.