PAM integration with IBM QRadar

Article ID: 189204

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Can PAM be integrated with IBM QRadar?

Environment

Product: Layer 7 Privileged Access Management.
Release: 3.x

Resolution

Unfortunately, PAM does not have an out-of-the-box integration with IBM QRadar. The SIEM (Security Information and Event Management) integration that we have is with Splunk.

Nonetheless, just like Splunk, QRadar can receive syslog events.
This allows the syslog events generated on the PAM server to be sent to the QRadar host.
According to the following IBM document, it looks like QRadar uses port 514:

Verifying that QRadar receives syslog events

To set up the syslog event redirection, open the PAM Client and go to 'Configuration / Logs / Syslog'.

Here you can enable the redirection of syslog events to a specified server and port.
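
Before pointing PAM at the collector, it helps to confirm that a syslog datagram sent to port 514 actually arrives. The following is an added example, not code from this article, Broadcom or IBM: it builds an RFC 3164 test message and sends it over UDP. UDP transport, the `local0` facility, and the `pam-test` / `pam-check` names are assumptions chosen for the test; the collector address is supplied by you.

```python
import socket
from datetime import datetime

FACILITY_LOCAL0 = 16  # assumption: adjust to the facility your PAM syslog config uses
SEVERITY_INFO = 6


def build_syslog(msg, host="pam-test", tag="pam-check",
                 facility=FACILITY_LOCAL0, severity=SEVERITY_INFO, now=None):
    """Return an RFC 3164 (BSD syslog) datagram as bytes."""
    now = now or datetime.now()
    pri = facility * 8 + severity  # PRI = facility * 8 + severity
    # RFC 3164 timestamp is 'Mmm dd hh:mm:ss' with a space-padded day
    ts = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"
    return f"<{pri}>{ts} {host} {tag}: {msg}".encode("utf-8")


def send_test_event(collector, port=514, msg="PAM syslog forwarding test"):
    """Send one test event over UDP (assumed transport) and return the bytes sent."""
    data = build_syslog(msg)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (collector, port))
    return data


def loopback_check(msg="PAM syslog forwarding test", timeout=2.0):
    """Self-test: send to a local UDP listener and return (sent, received)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))  # ephemeral port, no privileges needed
        rx.settimeout(timeout)
        port = rx.getsockname()[1]
        sent = send_test_event("127.0.0.1", port, msg)
        received, _ = rx.recvfrom(4096)
    return sent, received


if __name__ == "__main__":
    sent, received = loopback_check()
    print("loopback ok:", sent == received)
    print(received.decode())
    # Against the real collector (address is yours to fill in):
    # send_test_event("<qradar-host>", 514)
```

After sending to the real collector, search the QRadar Log Activity view for the `pam-check` tag; if nothing appears, check firewalls between the sender and port 514 before changing the PAM configuration.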

Additional Information

If you want an official integration with IBM QRadar, then please open an idea (enhancement) in our Symantec Privileged Access Management Community.
