McAfee Network Security Platform (formerly known as McAfee Intrushield)
The IBM QRadar McAfee Network Security Platform DSM collects syslog events from a McAfee Network Security Platform device. QRadar records all relevant events.
To integrate McAfee Network Security Platform with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent
version of the following RPMs on your QRadar
Console:
- DSM Common RPM
- McAfee Network Security Platform, DSM RPM
- To configure your McAfee Network Security Platform device to send events to QRadar, select your McAfee Network
Security Platform device version.
- Configuring alert events for McAfee Network Security Platform 2.x - 5.x.
- Configuring alert events for McAfee Network Security Platform 6.x - 7.x.
- Configuring alert events for McAfee Network Security Platform v8x - 10x.
- Configuring fault notification events for McAfee Network Security Platform 6.x - 7.x.
- Configuring fault notification events for McAfee Network Security Platform 8.x - 10.x.
- If QRadar does not automatically detect the log source, add a McAfee Network Security Platform log source on the QRadar Console.