SIEM news! F5 Distributed Cloud’s remote logging adds IBM’s QRadar
Along with the likes of Splunk and Datadog, we can add another SIEM vendor to the Distributed Cloud (XC) external logging line-up. QRadar now has its own native integration option in the drop-down of the Global Log Receiver menu.
We know Distributed Cloud’s built-in security and performance dashboards are rich with data. Even so, many customers prefer to ingest the security events generated by Distributed Cloud into their existing SIEM environment. To support this, a custom F5 XC content pack was created to simplify use within QRadar itself. The content pack is a zip file containing what IBM calls a DSM (Device Support Module), which collects, maps and parses the security events in JSON format. The F5 XC content pack covers both security and access logs.
The content pack is discoverable on IBM’s X-Force App Exchange under F5 Distributed Cloud.
QRadar is able to collect events forwarded via HTTP or HTTPS. For a deeper technical walkthrough, please see the video I’ve created.