IBM Security QRadar

 View Only
Expand all | Collapse all

Forwarding data from QRadar Collector to Arcsight

  • 1.  Forwarding data from QRadar Collector to Arcsight

    Posted Fri September 16, 2022 02:46 PM
    Is there any way to forward collected logs from Event collector to SIEM Arcsight?

    ------------------------------
    Vikram Mawinkatti
    ------------------------------


  • 2.  RE: Forwarding data from QRadar Collector to Arcsight

    Posted Mon September 19, 2022 04:47 AM

    You can create so called Forwarding destinations Routing rules.
    Under Forwarding destinations (besides destination itself) you configure the Event format (payload, normalized, JSON) and if you want the header to be modified.
    Take a look at :  Configuring QRadar to forward data to other systems  .
    Under Routing rules you configure the criteria for the selection of data you want to send out and use the pre-configured forwarding destination.
    Take a look at : Configuring routing rules to forward data .
    Also, you might wish to review this Q&A QRadar: How to Modify Event Formats using Syslog, Forwarding, and Routing Rules



    ------------------------------
    Dusan VIDOVIC
    ------------------------------