This section describes the standard integration scheme for QRadar and Kaspersky CyberTrace.
For the standard integration scheme to work properly, you must install the update DSM-KasperskyCyberTrace-%version%-20180802144954.noarch.rpm, where %version% is the version of QRadar. Usually, you receive these updates as part of the auto-update process, but you can also visit IBM Fix Central and download them manually.
About the components of the standard integration scheme
The following components are used in the standard integration scheme for QRadar:
Kaspersky CyberTrace Feed Service: this service matches QRadar events against Kaspersky Threat Data Feeds.
QRadar: the SIEM solution used in this integration.
Security controls: these are sources of events for QRadar, such as firewalls, proxies, intrusion detection systems, and other networking devices. Security controls can send events to QRadar by any method supported by QRadar.
Standard integration scheme
In the standard integration scheme, Feed Service by default is configured to listen for incoming events from QRadar on 0.0.0.0:9999 (all interfaces).
Feed Service sends detection events to port 514 of the interface defined in QRadar configuration. The address of this interface is specified when you install Kaspersky CyberTrace.
Security controls can send events to QRadar in any format that is supported by QRadar, for example, Syslog, JDBC, OPSEC, File, or SNMP.
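The event flow described above, as an added example that is not Kaspersky's or IBM's code: a simplified Python stand-in for the Feed Service matching step, using a constructed feed, a constructed firewall event and a hypothetical detection-line layout (the real Feed Service output format is configurable and is not reproduced here); `send_detection` assumes QRadar accepts UDP syslog on port 514, as stated above.

```python
import re
import socket
from datetime import datetime, timezone

# Constructed stand-in for a threat data feed: indicator -> (feed name, context).
# This dict is only a mock, not a real Kaspersky Threat Data Feed record.
SAMPLE_FEED = {
    "198.51.100.23": ("IP_Reputation_Data_Feed_sample", "threat=sample_botnet_cnc"),
    "bad.example.test": ("Malicious_URL_Data_Feed_sample", "threat=sample_phishing"),
}

# Constructed event as a firewall might send it to QRadar, which then forwards it
# to Feed Service (default listener 0.0.0.0:9999 in the standard scheme).
SAMPLE_EVENT = ("<13>Jan 12 10:00:00 fw01 conn: src=198.51.100.23 dst=10.0.0.5 "
                "url=http://bad.example.test/login")
DEMO_TIME = datetime(2024, 1, 12, 10, 0, 0, tzinfo=timezone.utc)  # fixed for repeatable output

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def extract_observables(event: str) -> set:
    """Pull IP addresses and host names out of one raw event line."""
    return set(IP_RE.findall(event)) | {h.lower() for h in HOST_RE.findall(event)}

def match_event(event: str, feed: dict = SAMPLE_FEED) -> list:
    """Return (observable, feed_name, context) for every observable present in the feed."""
    return [(obs, *feed[obs]) for obs in sorted(extract_observables(event)) if obs in feed]

def format_detection(event: str, hit: tuple, hostname: str = "cybertrace",
                     now: datetime = None) -> str:
    """Build an RFC 3164-style syslog line (PRI 14 = user.info) for one detection.
    The field layout here is hypothetical; Feed Service's real output format differs."""
    obs, feed_name, context = hit
    ts = (now or datetime.now(timezone.utc)).strftime("%b %d %H:%M:%S")
    return (f"<14>{ts} {hostname} CyberTrace: category={feed_name} detected={obs} "
            f"{context} source_event=\"{event}\"")

def send_detection(line: str, qradar_host: str, port: int = 514) -> int:
    """Deliver one detection line to the QRadar syslog listener over UDP; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(line.encode("utf-8"), (qradar_host, port))

def demo() -> list:
    """Run the matching step over the constructed event with the fixed timestamp."""
    return [format_detection(SAMPLE_EVENT, hit, now=DEMO_TIME) for hit in match_event(SAMPLE_EVENT)]

if __name__ == "__main__":
    for line in demo():
        print(line)  # in a live setup: send_detection(line, "<qradar-interface-ip>")
```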
Standard integration scheme for QRadar