
QRadar Integration with SureMDM

QRadar Configuration

To configure QRadar to receive logs from SureMDM, follow these steps:

  1. Navigate to the QRadar Console.

  2. Create an account or log in to your existing QRadar account.

  3. Go to Admin and click Log Sources.

  4. In the Log Sources prompt, click Add and configure the following details:

  • Log Source Type - Select Universal DSM.

  • Log Source Identifier - Enter the SureMDM Server IP Address or Hostname.

  • Protocol Configuration - Select Syslog.

  • Syslog Protocol - Select UDP, TCP, or TCP/TLS.

  • Port - Enter the port number. The default port is 514, unless it has been customized.

    Note: Ensure that the Syslog Protocol and Port number configured in QRadar are identical to the values configured in SureMDM. A mismatch in the protocol or port number will result in log transmission failure.

  • Log Source Identifier Type - Enter the SureMDM Account URL.

  5. After configuring the required details, click Save.

  6. Click Deploy Changes from the top menu to apply the configuration.

Once deployed, QRadar is ready to receive logs from SureMDM.

QRadar Integration in SureMDM Web Console

To integrate QRadar with SureMDM Web Console, follow these steps:

  1. Navigate to SureMDM Web Console > Settings (icon located at the top right of the screen) > Account Settings > SIEM Integration.

  2. Configure the following required settings and click Validate.

| Settings | Description |
| --- | --- |
| Enable SIEM Integration | Enable this option to allow configuration of SIEM settings. |
| Select Server | Select the SIEM type as QRadar from the dropdown menu. |
| Syslog Format | Syslog format is the standardized message format used for logging system events. Select either RFC5424 or RFC3164 as required. |
| Server Address | Enter the IP address or Domain Name of the QRadar Console. |
| Port | Enter the port number configured on QRadar Console to receive syslog events. Note: The default port is 514, unless it has been customized. |
| Protocol | Select the protocol: TCP, UDP, or TCP/TLS based on your QRadar configuration. |

After successful configuration, SureMDM will forward system activity logs and device logs to QRadar as per the configured syslog settings.

Access Logs in QRadar

After the SureMDM Web Console is successfully integrated with QRadar, the log details recorded in the console are updated in QRadar automatically and can be accessed for monitoring and analysis.

To verify log reception in QRadar, follow these steps:

  1. Log in to QRadar Console using your credentials.

  2. Navigate to Log Activity.

  3. Apply a filter for Log Source and select SureMDM.

The incoming logs from the SureMDM account will be displayed once the integration is successfully completed. All the SureMDM account system logs and device logs will be visible here for monitoring and analysis.
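If no events appear, a hand-built test event helps separate a protocol or port mismatch (the failure the note in the QRadar Configuration section describes) from a problem on the SureMDM side. The script below is an added example, not SureMDM or IBM code: it builds one message in either Syslog Format and sends it over UDP, TCP, or TCP/TLS. The host and application names, the `127.0.0.1` placeholder address, and newline framing on TCP are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

def build_syslog(msg, fmt="RFC5424", host="siem-test", app="siem-check",
                 facility=1, severity=6, now=None):
    """Build one syslog line in the format chosen under Syslog Format."""
    now = now or datetime.now(timezone.utc)
    pri = facility * 8 + severity  # PRI value, e.g. user.info = 1*8+6 = 14
    if fmt == "RFC5424":
        # <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
        ts = now.strftime("%Y-%m-%dT%H:%M:%SZ")
        return f"<{pri}>1 {ts} {host} {app} - - - {msg}"
    if fmt == "RFC3164":
        # <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG (single-digit day is space-padded)
        ts = f"{MONTHS[now.month - 1]} {now.day:2d} {now:%H:%M:%S}"
        return f"<{pri}>{ts} {host} {app}: {msg}"
    raise ValueError(f"unsupported syslog format: {fmt}")

def send_syslog(line, server, port=514, protocol="UDP", timeout=5.0):
    """Send one line with the protocol set in both consoles; return bytes sent."""
    data = line.encode("utf-8")
    if protocol == "UDP":
        # UDP has no acknowledgement: a clean send does not prove delivery,
        # so confirm the event in Log Activity. IPv4 only in this sketch.
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            return s.sendto(data, (server, port))
    if protocol not in ("TCP", "TCP/TLS"):
        raise ValueError(f"unsupported protocol: {protocol}")
    # A refused or timed-out connection here points at a port/protocol mismatch
    # or a firewall between the sender and the listener.
    conn = socket.create_connection((server, port), timeout=timeout)
    if protocol == "TCP/TLS":
        # Default context verifies the listener's certificate and hostname.
        conn = ssl.create_default_context().wrap_socket(conn, server_hostname=server)
    with conn:
        conn.sendall(data + b"\n")  # newline-delimited framing (assumption)
    return len(data) + 1

if __name__ == "__main__":
    SERVER, PORT = "127.0.0.1", 514  # placeholders: use your listener's values
    line = build_syslog("SIEM integration connectivity test")
    print(send_syslog(line, SERVER, PORT, "UDP"), "bytes sent:", line)
```

A test event sent from another host will not necessarily be attributed to the SureMDM log source, so search Log Activity for the message text rather than relying on the Log Source filter.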