Forward ICDx events via Syslog CEF forwarder

Article Id: 179391
Status: Published
Updated On: 09-09-2019 08:05
Legacy Id: HOWTO130442
Products:
ICDx
Issue/Introduction:

 

Resolution:

GOAL: Forward events from Integrated Cyber Defense eXchange (ICDx) to one of the data structures listed below:

  • IBM QRadar
  • CyberSponse CyOps
  • Exabeam

 

 

To integrate ICDx with IBM QRadar

  1. In ICDx UI, on Configuration> Forwarders, add a Syslog CEF forwarder which points to the IBM QRadar instance.
  2. From IBM, download and install the Symantec ICDx Content Pack For QRadar, here:
    https://exchange.xforce.ibmcloud.com/hub/extension/9bf92ae332571cac2476dfa8b1003ddc

     
  3. For additional assistance on installing the Symantec ICDx Content Pack for QRadar, see:
    https://www.ibm.com/support/pages/ibm-qradar-content-extension-symantec-endpoint-protection-custom-properties

 

NOTE: Reaching these resources may require an IBMid.

 

 

To integrate ICDx with other products listed above

  1. In ICDx UI, on Configuration> Forwarders, add a Syslog CEF forwarder which points to the server where you seek to forward ICDx events
  2. Consult the vendor of the other product for any additional steps needed to transform events into the non-ICDx data structure