You can forward data to Unomaly from a Security Threat Response Manager (STRM), such as IBM QRadar or Juniper STRM.

IBM QRadar is an enterprise SIEM solution used to collect, parse, and correlate logs for security purposes. This integration uses QRadar's built-in capability to forward syslog data to third-party systems. This allows for plug-and-play real-time machine learning and anomaly detection by Unomaly on data sent to QRadar.


Instructions

IBM QRadar has built-in support for forwarding data.

  1. Log in to the IBM QRadar GUI.

  2. Open the Admin tab, select Data Sources, and open Syslog Forwarding Destination.

  3. Add the Unomaly IP address as a forwarding destination to each QRadar event collector that processes data that you want to forward.

  4. Configure the destination to send to port 5514, so that Unomaly extracts the source from the syslog header instead of using the STRM source IP. Save the configuration.

  5. In the Admin tab, click Deploy to enable the configuration. This may take a few minutes.

  6. Verify that hosts and data are received and displayed in Unomaly.
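
Step 4 depends on each forwarded message carrying the originating host in its syslog header; otherwise every event is attributed to the collector's IP address. The following is an added example, not Unomaly or QRadar code, that shows the difference on constructed sample messages. It assumes RFC 3164 or RFC 5424 framing, and `header_source`, `attribute`, and the relay address 192.0.2.10 are hypothetical.

```python
import re
from collections import Counter

# RFC 3164: "<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: msg"
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)
# RFC 5424: "<PRI>1 TIMESTAMP HOSTNAME APP PROCID MSGID ..."
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 \S+ (?P<host>\S+) (?P<msg>.*)$", re.S)

RELAY_IP = "192.0.2.10"  # constructed: address of the forwarding collector

# Constructed sample datagrams, as they might arrive from one relay.
SAMPLES = [
    b"<38>May  1 10:00:00 web01 sshd[811]: Accepted publickey for deploy",
    b"<13>1 2024-05-01T10:00:01Z db02.example.net postgres 411 - - checkpoint complete",
    b"<13>1 2024-05-01T10:00:02Z db02.example.net postgres 411 - - connection authorized",
    b"sshd[811]: Failed password for invalid user",         # header stripped
    b"<13>1 2024-05-01T10:00:03Z - app - - - nil hostname",  # RFC 5424 NILVALUE
]


def header_source(raw: bytes, relay_ip: str):
    """Return (source, origin); origin is 'header' or 'relay-ip'."""
    line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
    for pattern in (RFC5424, RFC3164):
        m = pattern.match(line)
        # PRI above 191 is invalid; "-" means the sender gave no hostname.
        if m and int(m.group("pri")) <= 191 and m.group("host") != "-":
            return m.group("host"), "header"
    # No usable header: the only identity left is the relay's own address.
    return relay_ip, "relay-ip"


def attribute(datagrams, relay_ip):
    """Count events per attributed source for one relay."""
    return Counter(header_source(d, relay_ip)[0] for d in datagrams)


if __name__ == "__main__":
    for source, count in attribute(SAMPLES, RELAY_IP).items():
        print(f"{source}: {count}")
```

Events counted under the relay address are the ones to investigate when checking step 6, since they indicate messages that reached the destination without a parseable header.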