Forwarding to IBM QRadar
To forward event data to IBM QRadar:
Settingsmodule of the Sysdig Secure UI, navigate to the
IBM QRadarfrom the drop-down menu.
Configure the required options:
Integration Name: Define an integration name.
Address: Specify the DNS address of the QRadar installation endpoint.
Port: Port to send data, hardcoded to TCP transport protocol. 514/TCP is the default
Data to Send: Currently, Sysdig only supports sending policy events (events from Sysdig Secure).
Allow insecure connections: Toggle on if you want to allow insecure connections (i.e. invalid or self-signed certificate on the receiving side).
Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.
Savebutton to save the integration.
See also: Installing Extensions from IBM’s Knowledge Center.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.