IBM QRadar

Unlike other log aggregators and SIEMs, IBM QRadar requires that logs be forwarded to a specific destination in order to be collected.

Configure IBM QRadar

In order to ingest and analyze data from IBM QRadar, you must configure SIEM (InsightIDR) to be the specific destination of its logs.

To specify the SIEM (InsightIDR) collector as the destination:

  1. Create a rule to forward logs, adding a collector as a forward destination. Read the instructions here: https://www.ibm.com/support/knowledgecenter/SS42VS_7.4/com.ibm.qradar.doc/c_qradar_adm_frwd_event_data.html
  2. Choose to either create a log forwarding rule OR create a routing rule.
  3. When you configure an event source in SIEM (InsightIDR), select “QRadar” when choosing from the list of Log Aggregators.