GOAL: Forward events from Integrated Cyber Defense eXchange (ICDx) to one of the products listed below:
- IBM QRadar
- CyberSponse CyOps
- Exabeam
To integrate ICDx with IBM QRadar
- In the ICDx UI, on Configuration > Forwarders, add a Syslog CEF forwarder that points to the IBM QRadar instance (the host and port on which QRadar receives syslog).
- From IBM, download and install the Symantec ICDx Content Pack for QRadar, here:
https://exchange.xforce.ibmcloud.com/hub/extension/9bf92ae332571cac2476dfa8b1003ddc
- For additional assistance on installing the Symantec ICDx Content Pack for QRadar, see:
https://www.ibm.com/support/pages/ibm-qradar-content-extension-symantec-endpoint-protection-custom-properties
NOTE: Reaching these resources may require an IBMid.
To integrate ICDx with the other products listed above
- In the ICDx UI, on Configuration > Forwarders, add a Syslog CEF forwarder that points to the server to which you want to forward ICDx events.
- Consult the vendor of the other product for any additional steps needed to map the CEF-formatted events into that product's own event schema.
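Before pointing the forwarder at QRadar or another product, it is worth confirming on the receiving side that the forwarder is actually delivering well-formed CEF over syslog. The script below is an added example, not ICDx, QRadar or vendor code: it parses a syslog-wrapped CEF line (PRI, timestamp, host, then the "CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|extension" payload) with the escaping rules the CEF format requires (\| and \\ in the header; \=, \\, \n and \r in the extension), and can act as a throwaway UDP listener to inspect what a forwarder sends. The sample line, the signature ID 8000, the event name, the IP addresses and the UDP port 5514 are all constructed assumptions for the example; the transport and port must match whatever the ICDx forwarder is configured to use.

```python
"""Receiver-side check for a Syslog CEF forwarder (added example, not ICDx code)."""
import re
import socket
from dataclasses import dataclass, field
from typing import Optional

CEF_HEADER = ("version", "vendor", "product", "device_version",
              "signature_id", "name", "severity")
PRI_RE = re.compile(r"^<(\d{1,3})>")
# An extension key is "key=" at the start of the extension or after whitespace.
# A literal "=" inside a value must be escaped as "\=" in CEF, so it never matches.
KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.\-]+)=")
EXT_ESCAPES = {"n": "\n", "r": "\r"}

# Constructed sample of what a Syslog CEF forwarder might emit; not real ICDx output.
SAMPLE = (r"<14>Jan  5 10:00:00 icdx01 CEF:0|Symantec|ICDx|1.0|8000|Quarantine \| Malware|8|"
          r"src=10.0.0.5 dst=10.0.0.9 fname=C:\\temp\\evil.exe act=block\=yes")


@dataclass
class CefEvent:
    facility: Optional[int]          # from syslog PRI: PRI // 8
    syslog_severity: Optional[int]   # from syslog PRI: PRI % 8 (not the CEF severity)
    header: dict = field(default_factory=dict)
    extension: dict = field(default_factory=dict)


def _unescape_ext(value: str) -> str:
    """Undo extension escaping: \\\\ -> \\, \\= -> =, \\n and \\r -> control characters."""
    return re.sub(r"\\(.)", lambda m: EXT_ESCAPES.get(m.group(1), m.group(1)), value)


def parse_cef(cef: str):
    """Split a CEF payload into (header dict, extension dict)."""
    if not cef.startswith("CEF:"):
        raise ValueError("payload does not start with CEF:")
    body, fields, buf, i = cef[4:], [], [], 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # header escapes: \| and \\
            buf.append(body[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(buf)); buf = []
        else:
            buf.append(ch)
        i += 1
    if len(fields) == 6 and buf:               # severity with no trailing "|" and no extension
        fields.append("".join(buf)); buf = []
    if len(fields) < 7:
        raise ValueError("CEF header must have 7 pipe-delimited fields")
    header = dict(zip(CEF_HEADER, fields))
    if header["severity"].isdigit():           # CEF also allows Low/Medium/High/Very-High
        header["severity"] = int(header["severity"])
    ext_raw = body[i:].rstrip("\r\n")
    keys = list(KEY_RE.finditer(ext_raw))
    extension = {}
    for k, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_raw)
        extension[k.group(1)] = _unescape_ext(ext_raw[k.end():end].rstrip())
    return header, extension


def parse_syslog_cef(line: str) -> CefEvent:
    """Strip the syslog prefix (<PRI>, timestamp, host) and parse the CEF payload."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in syslog line")
    pri = PRI_RE.match(line)
    facility = int(pri.group(1)) // 8 if pri else None
    severity = int(pri.group(1)) % 8 if pri else None
    header, extension = parse_cef(line[idx:])
    return CefEvent(facility, severity, header, extension)


def format_cef(vendor, product, version, signature_id, name, severity, **ext) -> str:
    """Build a CEF:0 line with the escaping a sender must apply (useful for test traffic)."""
    def h(s):  # header fields: escape backslash first, then the pipe delimiter
        return str(s).replace("\\", "\\\\").replace("|", "\\|")
    def e(s):  # extension values: escape backslash, "=", and line breaks
        return (str(s).replace("\\", "\\\\").replace("=", "\\=")
                .replace("\n", "\\n").replace("\r", "\\r"))
    head = "|".join(h(x) for x in ("0", vendor, product, version, signature_id, name, severity))
    return "CEF:" + head + "|" + " ".join(f"{k}={e(v)}" for k, v in ext.items())


def listen_udp(port: int = 5514, count: int = 1):
    """Receive `count` syslog datagrams from a forwarder aimed at this host and parse them.
    Port 5514 is an assumption (514 needs privileges); use TCP/TLS if the forwarder does."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        for _ in range(count):
            data, peer = s.recvfrom(65535)
            ev = parse_syslog_cef(data.decode("utf-8", "replace"))
            print(peer[0], ev.header["signature_id"], ev.header["name"], ev.extension)


if __name__ == "__main__":
    print(parse_syslog_cef(SAMPLE))
```

Run it with no arguments to see the constructed sample parsed; call listen_udp() and point a forwarder at the host to check live events. If a field that QRadar's content pack is expected to map shows up mangled here (an unescaped "=" or "|" in a value is the usual culprit), the problem is upstream of the SIEM and can be fixed before the content pack is installed.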