IBM Security QRadar

  • 1.  vmware log insight DSM

    Posted Fri March 24, 2023 09:34 AM

    I'm supposed to collect security logs from VMware vCenter, and then from VMware Log Insight I need to send them to IBM QRadar, but all the events are unrecognized.

    When I send the security logs to IBM QRadar from VMware Log Insight, all the events are unknown and QRadar can't parse them, even though the DSM is updated. Any ideas on what to do? Or any ideas about a third-party tool or solution that can collect logs from Log Insight and then send them parsed to QRadar (I think this solution or tool should be recognized by QRadar or have its own default DSM)?

    Thanks in advance.



    ------------------------------
    aziz focus
    ------------------------------


  • 2.  RE: vmware log insight DSM

    Posted Fri March 24, 2023 03:50 PM

    VMware vRealize (formerly known as VMware Log Insights) is not a currently supported DSM written by IBM. For the full list of supported DSMs, see https://www.ibm.com/docs/en/qsip/7.5?topic=configuration-qradar-supported-dsms. You need to use the DSM Editor to parse the data coming from VMware vRealize and map the events.

    There is an IBM Idea (enhancement) on this topic to create a DSM: https://ibmsecurity.ideas.ibm.com/ideas/QDSM-I-1829 that you can vote up or comment on to request more information. At this time, there is no DSM for vRealize (Log Insights) per the documentation.



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------
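As an added illustration (not part of the original thread, and not IBM's or VMware's code), the following Python prototype shows what the DSM Editor workflow in the answer above amounts to: a single-capture-group regex to pull an event ID out of each syslog line, further regexes for custom properties, and a lookup table that maps each event ID to a category. Lines whose event ID matches nothing fall through as "Unknown", which is the symptom the question describes. The sample log lines are constructed, and their key=value layout, the event names, the category labels and the severities are all assumptions made for the example; real vCenter or Log Insight output will need its own patterns, which is exactly what you would prototype here before entering them in the DSM Editor.

```python
import re

# Constructed sample lines in the shape of RFC 3164 syslog records. These are
# NOT real vCenter or Log Insight output; the key=value layout is an assumption
# chosen so the regexes below have something to match.
SAMPLE_EVENTS = [
    "<14>Mar 24 09:34:01 vcenter01 vpxd[1234]: event=UserLoginSessionEvent "
    "user=administrator@vsphere.local ip=10.0.0.5 result=success",
    "<14>Mar 24 09:35:17 vcenter01 vpxd[1234]: event=UserLogoutSessionEvent "
    "user=administrator@vsphere.local ip=10.0.0.5 result=success",
    "<11>Mar 24 09:36:44 vcenter01 vpxd[1234]: event=BadUsernameSessionEvent "
    "user=root ip=203.0.113.9 result=failure",
    "<14>Mar 24 09:37:02 vcenter01 vpxd[1234]: free text with no recognisable "
    "key=value layout",
]

# Event ID extraction: one regex with one capture group, the same shape a
# DSM Editor "Event ID" override expects (the editor uses Java regex; Python's
# re is close enough for prototyping).
EVENT_ID_RE = re.compile(r"\bevent=(\S+)")

# Custom property extractions, again one capture group each.
PROPERTY_RES = {
    "username": re.compile(r"\buser=(\S+)"),
    "source_ip": re.compile(r"\bip=(\d{1,3}(?:\.\d{1,3}){3})"),
    "outcome": re.compile(r"\bresult=(\w+)"),
}

# Event mapping: event ID -> (category label, severity 1-10). The labels are
# illustrative assumptions, not entries from QRadar's QID table.
EVENT_MAP = {
    "UserLoginSessionEvent": ("Authentication.Login Success", 1),
    "UserLogoutSessionEvent": ("Authentication.Logout", 1),
    "BadUsernameSessionEvent": ("Authentication.Login Failure", 5),
}


def parse_event(line: str) -> dict:
    """Extract the event ID and custom properties from one syslog line."""
    m = EVENT_ID_RE.search(line)
    parsed = {"event_id": m.group(1) if m else None}
    for name, rx in PROPERTY_RES.items():
        pm = rx.search(line)
        parsed[name] = pm.group(1) if pm else None
    return parsed


def map_event(parsed: dict) -> dict:
    """Attach category and severity; an unrecognised event ID stays 'Unknown'."""
    category, severity = EVENT_MAP.get(parsed["event_id"], ("Unknown", 3))
    return {**parsed, "category": category, "severity": severity}


def process(lines) -> list:
    """Run every line through extraction and mapping."""
    return [map_event(parse_event(line)) for line in lines]


def unknown_ratio(lines) -> float:
    """Fraction of lines that ended up unmapped; the number to drive towards zero."""
    results = process(lines)
    return sum(r["category"] == "Unknown" for r in results) / len(results)


if __name__ == "__main__":
    for r in process(SAMPLE_EVENTS):
        print(r)
    print(f"unmapped: {unknown_ratio(SAMPLE_EVENTS):.0%}")
```

Run it against a few hundred real lines exported from your log source rather than the constructed sample: any line that lands in "Unknown" tells you which pattern is missing from the event ID regex or the mapping table before you touch the DSM Editor.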



  • 3.  RE: vmware log insight DSM

    Posted Mon March 27, 2023 09:43 AM

    thank you !

    I also thought of using another log manager and forwarding logs from VMware vRealize to that tool, and then from that tool I'll forward them to QRadar, but I'm not familiar with free log managers and I don't know which one will be supported by the QRadar DSM. Any thoughts?

    Thank you in advance.



    ------------------------------
    aziz aziz
    ------------------------------