Configuration
This section outlines the configuration settings required to integrate Delinea Secret Server with IBM QRadar. Proper configuration ensures that log data from Secret Server is accurately transmitted, parsed, and displayed within QRadar for security monitoring and analysis.
Configuration steps differ depending on whether you are using Secret Server On-Premises or Secret Server Cloud (SSC), and whether QRadar is deployed On-Premises or as QRadar Cloud (SaaS).
Supported Deployment Configurations
The following Secret Server and IBM QRadar deployment combinations have been validated and are supported for this integration:
| Secret Server Deployment | QRadar Deployment |
|---|---|
| Secret Server On-Premises | QRadar On-Premises |
| Secret Server On-Premises | QRadar Cloud (SaaS) |
| Secret Server Cloud (SSC)* | QRadar On-Premises |
| Secret Server Cloud (SSC)* | QRadar Cloud (SaaS) |
Secret Server Cloud requires a Distributed Engine to forward syslog or CEF events to QRadar.
The configuration process includes:
-
Configuring QRadar – Configure QRadar to recognize and process Secret Server logs by uploading a log source extension and creating a corresponding log source.
-
Configuring Secret Server – Enable Syslog or CEF logging and configure the QRadar IP address and port (typically 514) to forward logs.
