ESET Online Help

Search
Select the category
Select the topic

IBM QRadar

The added value

ESET PROTECT is a cybersecurity management solution offering advanced threat detection and comprehensive protection to help businesses safeguard against a wide range of cyber threats.

The integration of ESET PROTECT with IBM QRadar SIEM combines two powerful cybersecurity tools. It provides enhanced and faster threat detection with greater accuracy, the ability to manage threats and responses from a unified interface, alerts prioritization and incident response automation. The integration reduces manual intervention and simplifies security teams' operation.

Integration type

Log-based integration

How to enable the integration

Ensure you meet the prerequisites and follow the steps below.

Prerequisites

You have enabled Syslog sending on your ESET PROTECT instance. QRadar will use the Syslog messages as a log source.

You have selected the LEEF (Log Event Extended Format) payload format for event messages.

You have Admin rights in your QRadar console.

You have downloaded the ESET PROTECT/ESET Inspect DSM (Device Support Module) .zip package, QRadar-EsetProtectInspect.zip, to your machine.


note

The QRadar-EsetProtectInspect.zip package is available for download on GitHub or by the direct link.

Configuration steps

1.Log in to the QRadar console.

2.Navigate to the Admin tab.

3.Click Extensions Management, and in the Extensions Management window, click Add.

4.Click Browse, select the QRadar-EsetProtectInspect.zip and click Add. The QRadar-EsetProtectInspect.zip installation will begin.

When the QRadar-EsetProtectInspect.zip is installed, you must create a new log source.

Log source creation

1.Navigate to the Log Sources tab.

2.Click Log Sources > New Log Source > select Single Log Source.

3.In the search bar, type ESET and select the ESET PROTECT-Inspect as the Log Source Type. Click Step 2: Select Protocol Type.

4.In the search bar, type Syslog and select the Syslog as the Protocol Type. Click Step 3: Configure Log Source Parameters.

5.Provide a name that you assign to the Log Source and the Log Source parameters. Click Step 4: Configure Protocol Parameters.

6.Type the hostname or the IP address of your Syslog server to the Log Source Identifier field, and click Finish.

The messages received from the Syslog will be visible in the IBM QRadar console Log Activity tab.