IBM Security QRadar

 View Only
  • 1.  Installing/integrating Qradar on Linux based systems (server)

    Posted Fri October 02, 2020 07:53 AM
    Hi All,

    We have received a requirement in our organization, Where we need to integrate few Linux bases servers with Qradar.
    One is application server and other is database server.

    Now I need to understand how can we accomplish this? Do we have any agent like win collect agent for Linux based systems?

    Please guide


    Regards
    Asif Siddiqui

    ------------------------------
    Asif Siddiqui Senior Security Analyst
    ------------------------------


  • 2.  RE: Installing/integrating Qradar on Linux based systems (server)

    Posted Fri October 02, 2020 09:12 AM
    Hello Asif.

    There are a few ways, but suggest look at implementing a disconnected log collector (DLC).

    https://www.ibm.com/support/knowledgecenter/en/SS42VS_SHR/com.ibm.dlc.doc/c_dlc_overview.html

    Other posts on this in the forum if you do a search for DLC.

    Regards,

    Darren

    ------------------------------
    Darren H.
    ------------------------------



  • 3.  RE: Installing/integrating Qradar on Linux based systems (server)

    Posted Fri October 02, 2020 09:48 AM

    Hello Asif,

     

    Generally the easiest way to integrate Linux servers is to configure the syslog.conf file to send the syslog messages to either an Event Collector or directly to the Event Processor.  No agent is required for Linux based systems.

     

    Kind regards,

     

     

    Ray Menard
    Executive Security Consultant –WW
    IBM Security Systems

     

    "The doubters said, "Man can not fly,"
    The doers said, "Maybe, but we'll try.

    And finally soared in the morning glow
    While non-believers watched from below."  –Bruce Lee

     

     

    signature_124339659

    Phone: +1 603-660-8808                                                                                                                                      100 West St.
    E-mail:
    rmenard@us.ibm.com

    Webex: https://ibm.webex.com/meet/rmenar                                                                                                        Keene, NH 03431


    This message (including any attachments) may contain confidential information and is intended for a specific addressee(s). If you are not the intended recipient, you should delete this message immediately, and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.

     

     

     






  • 4.  RE: Installing/integrating Qradar on Linux based systems (server)

    Posted Thu October 15, 2020 08:54 AM
    Hi! As alternative way i may recommend wazuh solution (https://wazuh.com/) for monitoring non Windows hosts. it is quite functional and flexible solution for more deeply monitoring linux/MacOS systems and solutions, which runs on its OS. Free and opensource. Wazuh manager collect and send alerts to QRadar. For alerts used wazuh build-in rules (you can make rules yourself). Its a fork of OSSEC (https://www.ossec.net/). 

    ------------------------------
    Serhii Barabash
    ------------------------------