...

Big Data - Azure Security

Back to Course

Lesson Description


Lession - #989 Azure security QRadar


To integrate Microsoft Azure Security Center with QRadar, complete the following steps:

In the event that programmed refreshes are not empowered, RPMs are accessible for download from the IBM support site (http://www.ibm.com/support>
. Download and introduce the latest variant of the accompanying RPMs on your QRadar Console:

Microsoft Azure Security Center DSM RPM

Microsoft Graph Security API Protocol DSM

Arrange Microsoft Azure Security Center to send occasions to QRadar. For more data see, Export security cautions and suggestions https://docs.microsoft.com/en-us/purplish blue/security-focus/consistent product>
.

Significant: QRadar upholds occasions just from the Microsoft Azure Security Center supplier. Occasions shipped off QRadar should have "provider:ASC" or "provider":"Azure Security Center" in the payload.

Add a Microsoft Azure Security Center log source on the QRadar Console.