IBM QRadar
The added value
IBM QRadar is a Security Information and Event Management (SIEM) platform that centralizes, analyzes, and correlates security data across the environment of an organization. It delivers real-time threat detection, prioritizes critical incidents, and provides automated reporting that meets regulatory requirements.
QRadar helps security teams respond to threats faster and investigate more efficiently by reducing false positives and providing a unified view of security activity.
Integrating the ESET PROTECT Platform with IBM QRadar SIEM combines two powerful cybersecurity solutions. QRadar collects logs from ESET PROTECT Syslog and seamlessly incorporates the Syslog security data into a unified monitoring dashboard, providing enhanced visibility and threat detection across the environment.
Integration type
• Log-based integration
How to enable the integration
Ensure you meet the prerequisites and follow the steps below.
Prerequisites
• You have enabled Syslog sending on your ESET PROTECT instance. QRadar will use the Syslog messages as a log source.
• You have selected the LEEF (Log Event Extended Format) payload format for event messages.
• You have administrator rights in your QRadar console.
• You have downloaded the ESET PROTECT/ESET Inspect DSM (Device Support Module) .zip package, QRadar-EsetProtectInspect.zip, to your machine.
The QRadar-EsetProtectInspect.zip package is available for download on GitHub or via the direct download link.
Configuration steps
1. Log in to the QRadar console.
2. Navigate to the Admin tab.
3. Click Extensions Management, and click Add in the Extensions Management window.
4. Click Browse, select QRadar-EsetProtectInspect.zip, and click Add. The QRadar-EsetProtectInspect.zip installation begins.
After the QRadar-EsetProtectInspect.zip installation, proceed to create a new log source.
Log source creation
1. Navigate to the Log Sources tab.
2. Click Log Sources > New Log Source > select Single Log Source.
3. In the search bar, type ESET and select ESET PROTECT-Inspect as the Log Source Type. Click Step 2: Select Protocol Type.
4. In the search bar, type Syslog and select Syslog as the Protocol Type. Click Step 3: Configure Log Source Parameters.
5. Assign a name to the Log Source and provide the Log Source parameters. Click Step 4: Configure Protocol Parameters.
6. Type your Syslog server's hostname or IP address into the Log Source Identifier field, and click Finish.
After configuring the setup, you can see the Syslog messages in the IBM QRadar console Log Activity tab.
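Before the log source goes live, it is worth confirming that what ESET PROTECT actually emits is a well-formed LEEF payload (the prerequisite above) and that the syslog hostname on the wire is the value you typed into Log Source Identifier. The parser below is an added example for this page, not code from the QRadar DSM or from ESET; the sample line, its event name and attribute keys are constructed, and the matching rule in `matches_log_source` is an assumption about how QRadar pairs incoming syslog senders with a log source.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Optional RFC 3164-style syslog prefix in front of the LEEF payload:
# "<PRI>Mon dd HH:MM:SS hostname LEEF:..." (each part before LEEF: may be absent).
SYSLOG_PREFIX = re.compile(
    r"^(?:<\d{1,3}>)?"                                      # <PRI>
    r"(?:[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s+)?"   # BSD timestamp
    r"(?:(?P<host>[^\s|]+)\s+)?"                            # sender hostname or IP
    r"(?=LEEF:)"                                            # payload must be LEEF
)

@dataclass
class LeefEvent:
    host: Optional[str]          # hostname from the syslog header, if any
    leef_version: str
    vendor: str
    product: str
    product_version: str
    event_id: str
    attrs: Dict[str, str] = field(default_factory=dict)

def _delimiter(spec: str) -> str:
    """LEEF 2.0 delimiter field: empty means tab, 'xHH' is a hex code, else one char."""
    if spec == "":
        return "\t"
    if len(spec) > 1 and spec[0] in "xX":
        return chr(int(spec[1:], 16))
    if len(spec) != 1:
        raise ValueError(f"bad LEEF delimiter field: {spec!r}")
    return spec

def parse_leef(line: str) -> LeefEvent:
    """Parse one syslog line carrying a LEEF 1.0 or 2.0 payload; ValueError otherwise."""
    m = SYSLOG_PREFIX.match(line)
    if not m:
        raise ValueError("no LEEF payload found (is the payload format set to LEEF?)")
    fields = line[m.end():].split("|", 5)   # LEEF:ver|Vendor|Product|Version|EventID|rest
    if len(fields) != 6:
        raise ValueError("LEEF header needs Vendor|Product|Version|EventID")
    version, rest = fields[0].split(":", 1)[1], fields[5]
    if version == "1.0":
        delim = "\t"                          # LEEF 1.0 has no delimiter field
    else:
        spec, _, rest = rest.partition("|")   # LEEF 2.0: delimiter field, then attributes
        delim = _delimiter(spec)
    attrs = dict(kv.split("=", 1) for kv in rest.split(delim) if "=" in kv)
    return LeefEvent(m.group("host"), version, *fields[1:5], attrs)

def matches_log_source(event: LeefEvent, identifier: str) -> bool:
    """Assumption: QRadar attaches an event to the log source whose identifier equals the sender."""
    return event.host == identifier

# Constructed sample; the event name and attribute keys are not ESET's real schema.
SAMPLE = ("<13>Jan 20 10:15:32 eset-protect-01 LEEF:2.0|ESET|ESET PROTECT|1.0|Threat_Event|^|"
          "cat=Threat_Event^sev=5^src=10.0.0.5^devTimeFormat=yyyy-MM-dd HH:mm:ss")
```

Run `parse_leef` over a few lines captured from the Syslog server; a `ValueError` means the payload is not LEEF, and a `False` from `matches_log_source` means the events will not land under the log source you just created.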
When a new version of the ESET PROTECT/ESET Inspect DSM .zip package, QRadar-EsetProtectInspect.zip, is released, uninstall the earlier version in your QRadar console and install the latest one.
Troubleshooting
If you experience an issue with the integration, reach out to the local Partner in the respective country/region where you purchased your ESET subscription, or the respective ESET office, by opening a support request via the support form.