Forwarding to IBM QRadar
Prerequisites
Event forwards originate from region-specific IPs. For the full list of outbound IPs by region, see SaaS Regions and IP Ranges. Update your firewall and allow inbound requests from these IP addresses to enable Sysdig to handle event forwarding.
Configure Event Forwarding Integration with IBM QRadar
To forward event data to IBM QRadar:
Log in to Sysdig Secure as admin.
From the Settings module, navigate to the Events Forwarding tab.
Click the Add Integration button.
Select IBM QRadar from the drop-down menu.
Configure the required options:
Integration Name: Define an integration name.
Address: Specify the DNS address of the QRadar installation endpoint.
Port: The port to send data to. The transport protocol is hardcoded to TCP; 514/TCP is the default.
Data to Send: Select from the drop-down the types of Sysdig data that should be forwarded. The available list depends on the Sysdig features and products you have enabled.
Allow insecure connections: Toggle on if you want to allow insecure connections (that is, an invalid or self-signed certificate on the receiving side).
Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.
Click the Save button to save the integration.
See also: Installing Extensions from IBM’s Knowledge Center.