Advanced Threat Protection

 View Only
  • 1.  ATP integration with IBM Qradar

    Posted Sep 17, 2018 07:53 AM

    Dear All,

    I trying to connect ATP app to IBM Qradar.

    I configure the app, ATP Server XX.XX.XX.XX and Authorization Token: it ok.

    I enter the ATP app(on IBM Qradar) 

    Everything is at 0.

    I configure Log source "ATP" Forwarded, And i do not get any logs. to SIEM.

    I would be happy to receive an answer, guidance on the matter

    (I created events that were opened on ATP Interface)

     

     



  • 2.  RE: ATP integration with IBM Qradar

    Posted Sep 25, 2018 04:45 AM

    Have you perhaps checked out these sites for further information?

     

    https://exchange.xforce.ibmcloud.com/hub/extension/6d5f99c56cc60d7234259369ca85d029

    https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/t_DSM_guide_Symantec_Endpoint_Protection_cfg.html

    Thanks!



  • 3.  RE: ATP integration with IBM Qradar

    Posted Sep 25, 2018 04:46 AM

    And another...

    https://exchange.xforce.ibmcloud.com/api/hub/extensionsNew/1258488c365b7cc0dd6e023e14767d64/Symantec_ATP_App_for_QRadar_DSD_v1.4.pdf

    Thanks!



  • 4.  RE: ATP integration with IBM Qradar

    Broadcom Employee
    Posted Sep 25, 2018 10:45 AM

    The QRadar App is developed and supported by IBM. You would need to contact their technial support for further troubleshooting.



  • 5.  RE: ATP integration with IBM Qradar

    Posted Jan 28, 2022 03:08 AM
    Hi I hope you will be fine.

    I am one of the new user in this community, need your help it will be appreciated I am integrating Symantec EDR app 1.5 with IBM Qradar. Can you share configuration guide from Symantec EDR end i think i am missing some configuration steps at Symantec EDR Server.

    At Qradar I installed the Symantec EDR app when using Symantec EDR URL and Client secret code it is giving an error:




  • 6.  RE: ATP integration with IBM Qradar
    Best Answer

    Posted Oct 04, 2018 04:17 AM
      |   view attached

    Thanks guy's.

    The problem was in the app symantec atp.

    symantec fix the issue integration with IBM Qradar.

    They update new version.

    Its work.