Data Center Security

Hello everyone,

is anyone aware on a guide of how to configure syslog forwarding or any other integration between DCS and QRadar SIEM?

I can't find any specific connector and I was wondering if there is any.

Anyone faced the same issue?

Cheers

Matteo

DCS has no way to push information to SIEM or syslog servers, unlike SEP for example. 

I only have experience assisting with IBM Tivoli when it comes to this so, not sure what facilities QRadar has, but with Tivoli I believe it was possible to use a SQL connector to query the DB attached to DCS for event and status information, and this was deemed to be one of the most efficient ways to integrate into SIEM.  

I'm by no means a SIEM expert however. But from a DCS perspective, events need to be pulled, and doing it from the DB is generally the best way. Specifically CSPEVENT_VW for event data, and ASSET_HEALTH_VW for asset information. 

Hi Matteo

Did you check the IBM Security QRadar DSM Configuration Guide ? Seems that the IBM provides  a collector that queries the SDCS:SA (probably you need to look for Critical System Protection)  most important table.