Introduction to QRadar Integration
The Delinea for QRadar Integration Guide helps Delinea customers integrate event data from Delinea Server Suite with QRadar.
You can leverage the Delinea Add-on for QRadar to normalize Delinea events in QRadar.
This integration guide applies to the following QRadar versions and Delinea Server Suite releases:

QRadar Versions | Centrify Server Suite Releases
---|---
7.2.8 and above | 2016, 2016.1, 2016.2, 2017, 2017.1, 2017.2, 2017.3
QRadar Components
The following diagram illustrates the QRadar components that interact with the Delinea Add-on for QRadar:
Important Information About This Guide
Some sections in this document apply to:
- Windows installations only
- *Nix installations only
- All operating systems
In cases where different steps are required for Windows versus *Nix, two separate sections are provided, one for each operating system (OS). In those sections that only pertain to *Nix, Linux examples are used. If you use a different *Nix OS, see the documentation for your system for more information.
WinCollect Agent
The WinCollect agent collects Delinea audit trail events from the Windows machine and forwards them to the QRadar Console. You can download the WinCollect agent from IBM Fix Central at:
https://www.945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Security+QRadar+SIEM&fixids=7.2.0-QRADAR-wincollect-7.2.5-27.x64.exe&source=dbluesearch&function=fixId&parent=IBM%20Security
Syslog Daemon
The syslog daemon collects Delinea audit trail events from a Linux machine and forwards them to the QRadar Console.
Delinea Server Suite Device Support Module (DSM)
The Delinea Server Suite DSM collects Delinea events on the QRadar Console. You can get this DSM from: https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/c_dsm_guide_Centrify_Server_Suite_overview.html
Delinea Add-on for QRadar
The Delinea Add-on for QRadar (in CentrifyForQRadar.zip) consists of approximately 120 Custom Event Properties that parse the individual fields of Delinea audit trail events. You can get the Delinea Add-on for QRadar from the Delinea website.