GOAL: Forward events from Integrated Cyber Defense eXchange (ICDx) to one of the products listed below:
- IBM QRadar
- CyberSponse CyOps
To integrate ICDx with IBM QRadar
- In the ICDx UI, on Configuration > Forwarders, add a Syslog CEF forwarder that points to the IBM QRadar instance.
- From IBM, download and install the Symantec ICDx Content Pack For QRadar, here:
- For additional assistance on installing the Symantec ICDx Content Pack for QRadar, see:
NOTE: Reaching these resources may require an IBMid.
To integrate ICDx with other products listed above
- In the ICDx UI, on Configuration > Forwarders, add a Syslog CEF forwarder that points to the server to which you want to forward ICDx events.
- Consult the vendor of the other product for any additional steps needed to transform events into the non-ICDx data structure.
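
To confirm on the receiving server that forwarded Syslog CEF lines arrive intact before any vendor-specific transformation, a received line can be parsed into its fields. This is an added example, not Symantec or IBM code: the sample line and every name in it are constructed, and the layout assumed is the general CEF convention of seven pipe-delimited header fields followed by key=value extensions.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")
_KEY = re.compile(r"(?<!\S)([A-Za-z0-9_.]+)=")   # key at start or after whitespace
_ESC = {"n": "\n", "r": "\r"}

def _unescape(s):
    # CEF escapes: \\ -> \, \| -> |, \= -> =, \n and \r -> line breaks
    return re.sub(r"\\(.)", lambda m: _ESC.get(m.group(1), m.group(1)), s)

def _split_header(body):
    """Return the 7 header fields (still escaped) and the extension string."""
    fields, start, i = [], 0, 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if body[i] == "|":
            fields.append(body[start:i])
            start = i + 1
        i += 1
    if len(fields) == 6 and start < len(body):   # header only, no extension
        fields.append(body[start:])
        start = len(body)
    if len(fields) != 7:
        raise ValueError("not a complete CEF header")
    return fields, body[start:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF event into a dict."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF marker in line")
    fields, ext = _split_header(line[idx + 4:].rstrip("\r\n"))
    event = {k: _unescape(v) for k, v in zip(HEADER, fields)}
    event["syslog_prefix"] = line[:idx].strip()
    keys = list(_KEY.finditer(ext))
    event["extension"] = {                # a value runs until the next key=
        m.group(1): _unescape(ext[m.end():(n.start() if n else len(ext))].rstrip())
        for m, n in zip(keys, keys[1:] + [None])
    }
    return event

# Constructed sample line, not captured from ICDx output.
SAMPLE = (r"<134>Jan 12 10:15:02 collector01 CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"8001|Login \| console|5|src=10.0.0.5 dst=10.0.0.9 "
          r"msg=login failed for user\=alice on tty1")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Lines that raise `ValueError` here are worth inspecting at the receiver, since they indicate truncation or a non-CEF payload on the forwarder's port.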