Hello,
Please note that support for forwarding CA Compliance Event Manager events in real time to other SIEM platforms beyond Splunk was recently released as an Incremental Release PTF (previously available via APAR). Before this support, any feeding of events was accomplished in batch mode. Details about CA Compliance Event Manager Version 6.0 Incremental Release 4 (IR4) can be found at CA Support Online. Descriptions of the features released with IR4 are available in the product documentation.
Below is some information from the CA Compliance Event Manager side to address the Mainframe-related portion of the question. Additional information from Communities members is appreciated. If no one posts additional information about the QRadar console-related portion of the question, I would defer you to the existing QRadar public domain information. There are some excellent videos available on YouTube, along with product documentation that describes the QRadar configuration that is necessary to accept the events.
There are two options for setting up the feed from CA Compliance Event Manager to QRadar: You can define CA Compliance Event Manager Policy Statements using our out-of-the-box sample Policy Action text in distributed (UNIX) syslog format, and forward them to QRadar’s syslog port (typically 514). Alternatively, you can copy the syslog format sample text and very easily convert it into LEEF format. When doing so, you can adjust the KEY VALUE pairs, where appropriate, to map to the predefined LEEF Event attributes. For more information about configuring SIEM in CA Compliance Event Manager, see the product documentation.
Feel free to contact me directly for more details at James.Broadhurst@ca.com
Thanks,
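The second option described above (turning syslog key-value text into LEEF and renaming keys to predefined LEEF attributes), shown as an added example that is not part of the original post and not CA's sample Policy Action text. The input keys (`event`, `user`, `source_ip`, `severity`, `resource`), the sample event, and the vendor and product strings in the header are assumptions made for illustration; the layout follows LEEF 1.0 (pipe-delimited header, tab-delimited attributes).

```python
import re

# Source key -> predefined LEEF attribute name. The source keys are hypothetical;
# usrName, src, sev and cat are predefined LEEF event attributes.
LEEF_KEY_MAP = {"user": "usrName", "source_ip": "src", "severity": "sev", "category": "cat"}

# Matches key=value and key="quoted value".
PAIR_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Constructed sample message body, not real product output.
SAMPLE = 'event=DATASET_ACCESS user=JSMITH source_ip=10.1.2.3 severity=7 resource="SYS1.PARMLIB"'


def parse_pairs(body):
    """Return the key-value pairs of a syslog message body, in order."""
    pairs = {}
    for m in PAIR_RE.finditer(body):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        pairs[key] = quoted if quoted is not None else raw
    return pairs


def sanitize(value):
    """Flatten tabs and line breaks so a value cannot add attributes or records."""
    return re.sub(r"[\t\r\n]+", " ", str(value))


def to_leef(body, vendor, product, version, event_id_key="event"):
    """Build a LEEF 1.0 line: LEEF:1.0|Vendor|Product|Version|EventID|attrs."""
    pairs = parse_pairs(body)
    event_id = pairs.pop(event_id_key, "Unknown")
    # Header fields are pipe-delimited, so a literal pipe is replaced.
    header = "|".join(
        ["LEEF:1.0"]
        + [sanitize(f).replace("|", "_") for f in (vendor, product, version, event_id)]
    )
    # Keys with a predefined LEEF name are renamed; the rest pass through as custom keys.
    attrs = "\t".join(
        f"{LEEF_KEY_MAP.get(k, k)}={sanitize(v)}" for k, v in pairs.items()
    )
    return f"{header}|{attrs}"


if __name__ == "__main__":
    # Vendor and product strings are assumed values for this example.
    print(to_leef(SAMPLE, "CA", "Compliance Event Manager", "6.0"))
```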