Onapsis Security Platform
The IBM QRadar DSM for Onapsis Security Platform collects logs from an Onapsis Security Platform device.
The following table describes the specifications for the Onapsis Security Platform DSM:
| Specification | Value |
|---|---|
| Manufacturer | Onapsis |
| DSM name | Onapsis Security Platform |
| RPM file name | DSM-OnapsisIncOnapsisSecurityPlatform-Qradar_version-build_number.noarch.rpm |
| Supported versions | 1.5.8 and later |
| Event format | Log Event Extented Format (LEEF) |
| Recorded event types |
Assessment Attack signature Correlation Compliance |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | No |
| More information | Onapsis website (https://www.onapsis.com) |
To integrate Onapsis Security Platform with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website onto your QRadar
Console:
- Onapsis Security Platform DSM RPM
- DSM Common RPM
- Configure your Onapsis Security Platform device to send syslog events to QRadar.
- If QRadar does not
automatically detect the log source, add an Onapsis Security Platform log source on the QRadar
Console. The following table describes
the parameters that require specific values for Onapsis Security Platform event collection:
Table 2. Onapsis Security Platform log source parameters Parameter Value Log Source type Onapsis Security Platform Protocol Configuration Syslog