Hello everyone,
I attempted to integrate "McAfee ePolicy Orchestrator" (antivirus appliance) to QRadar. However, there were some errors, which made it unsuccessful. Is there any "step-by-step demonstration process" for this integration (or is there any simpler way to forward logs from McAfee ePolicy Orchestrator to QRadar)? Although there is a guide from IBM, it still seems a little bit complicated for me.
When it comes to my case, here are some of my specific enquiries:
Installation of RPMs:
"If automatic updates are not enabled, RPMs are available for download from the IBM support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console.
- JDBC Protocol RPM
- SNMP Protocol RPM
- DSMCommon RPM
- McAfee ePolicy Orchestrator DSM RPM"
On my QRadar system, automatic updates are enabled, but I could not find JDBC, SNMP, and McAfee ePolicy Orchestrator. So, should I install these three mentioned RPMs? If so, as with "McAfee ePolicy Orchestrator DSM RPM", I failed to find version 7.3 for my existing QRadar (only version 7.2 is available on IBM FixCentral), so is it correct or did I miss something here?
Add a McAfee ePolicy Orchestrator log source on the QRadar Console:
"Log source parameters: SNMPv1, v2, v3, and JDBC": Should I install all of these four protocols or just the one corresponding to "registered server" on McAfee ePolicy Orchestrators? I used SNMPv2 for the registered server. So I assume that it would be necessary to install the mentioned protocol only on QRadar.
Any response would be highly appreciated.
------------------------------
TRAN NAM
------------------------------