Forwarding to IBM QRadar

To forward event data to IBM QRadar:

  1. Log in to Sysdig Secure as admin.

  2. From the Settings module, navigate to the Events Forwarding tab.

  3. Click the Add Integration button.

  4. Select IBM QRadar from the drop-down menu.

  5. Configure the required options:

    Integration Name: Define an integration name.

    Address: Specify the DNS address of the QRadar installation endpoint.

    Port: Port to send data, hardcoded to TCP transport protocol. 514/TCP is the default

    Data to Send: Select the event data you would like to send.

    Allow insecure connections: Toggle on if you want to allow insecure connections (i.e. invalid or self-signed certificate on the receiving side).

    Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.

  6. Click the Save button to save the integration.

See also: Installing Extensions from IBM’s Knowledge Center.

Last modified November 10, 2021