Forwarding to IBM QRadar

To forward event data to IBM QRadar:

  1. From the Settings module of the Sysdig Secure UI, navigate to the Events Forwarding tab.

  2. Click the Add Integration button.

  3. Select IBM QRadar from the drop-down menu.

  4. Toggle the Enabled switch as necessary. By default, the new integration is enabled.

  5. Configure the required options:

    1. Integration Name: Define an integration name.

    2. Address: Specify the DNS address of the QRadar installation endpoint.

    3. Port: Specify the port to send data to. The transport protocol is hardcoded to TCP; 514/TCP is the default.

    4. Data to Send: Currently, Sysdig only supports sending policy events (events from Sysdig Secure).

    5. Allow insecure connections: Toggle on if you want to allow insecure connections (i.e., an invalid or self-signed certificate on the receiving side).

  6. Click the Save button to save the integration.
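
A pre-flight check for the Address, Port and Allow insecure connections options above, as an added example (not Sysdig or IBM code). It assumes the QRadar listener terminates TLS on the configured port; `preflight` and the host name `qradar.example.internal` are hypothetical.

```python
import socket
import ssl
import sys


def preflight(address, port=514, timeout=5.0):
    """Check the values intended for the Address and Port fields.

    Returns a dict: resolves, tcp_open, tls_verified (handshake with full
    certificate validation succeeded) and error (first failure, or None).
    """
    result = {"resolves": False, "tcp_open": False,
              "tls_verified": False, "error": None}
    try:
        socket.getaddrinfo(address, port, type=socket.SOCK_STREAM)
        result["resolves"] = True
    except socket.gaierror as exc:
        result["error"] = f"DNS: {exc}"
        return result

    try:
        with socket.create_connection((address, port), timeout=timeout):
            result["tcp_open"] = True
    except OSError as exc:
        result["error"] = f"TCP: {exc}"
        return result

    # Default context: validates the chain against the system trust store
    # and checks that the certificate matches the address.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((address, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=address):
                result["tls_verified"] = True
    except ssl.SSLCertVerificationError as exc:
        # Invalid or self-signed certificate on the receiving side.
        result["error"] = f"certificate: {exc.verify_message}"
    except OSError as exc:
        # Timeout, reset, or a listener that does not speak TLS (assumption above).
        result["error"] = f"handshake: {exc}"
    return result


if __name__ == "__main__":
    # Hypothetical default host name; pass the real Address and Port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "qradar.example.internal"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 514
    print(preflight(host, port))
```

A `certificate:` result means the receiver's certificate fails validation; installing a certificate from a trusted CA on the receiver avoids having to enable Allow insecure connections.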