Advanced Threat Protection

  • 1.  ATP integration with IBM Qradar

    Posted Sep 17, 2018 07:53 AM

    Dear All,

    I am trying to connect the ATP app to IBM Qradar.

    I configured the app, ATP Server XX.XX.XX.XX and Authorization Token: it is OK.

    I enter the ATP app (on IBM Qradar).

    Everything is at 0.

    I configured the log source "ATP" Forwarded, and I do not get any logs to the SIEM.

    I would be happy to receive an answer or guidance on the matter.

    (I created events that were opened on ATP Interface)

     

     



  • 2.  RE: ATP integration with IBM Qradar

    Posted Sep 25, 2018 04:45 AM

    Have you perhaps checked out these sites for further information?

     

    https://exchange.xforce.ibmcloud.com/hub/extension/6d5f99c56cc60d7234259369ca85d029

    https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/t_DSM_guide_Symantec_Endpoint_Protection_cfg.html

    Thanks!



  • 3.  RE: ATP integration with IBM Qradar

    Posted Sep 25, 2018 04:46 AM

    And another...

    https://exchange.xforce.ibmcloud.com/api/hub/extensionsNew/1258488c365b7cc0dd6e023e14767d64/Symantec_ATP_App_for_QRadar_DSD_v1.4.pdf

    Thanks!



  • 4.  RE: ATP integration with IBM Qradar

    Broadcom Employee
    Posted Sep 25, 2018 10:45 AM

    The QRadar App is developed and supported by IBM. You would need to contact their technical support for further troubleshooting.



  • 5.  RE: ATP integration with IBM Qradar

    Posted Jan 28, 2022 03:08 AM
    Hi, I hope you will be fine.

    I am one of the new users in this community and need your help; it will be appreciated. I am integrating Symantec EDR app 1.5 with IBM Qradar. Can you share a configuration guide from the Symantec EDR end? I think I am missing some configuration steps at the Symantec EDR server.

    At Qradar I installed the Symantec EDR app; when using the Symantec EDR URL and client secret code it is giving an error:




  • 6.  RE: ATP integration with IBM Qradar
    Best Answer

    Posted Oct 04, 2018 04:17 AM

    Thanks, guys.

    The problem was in the Symantec ATP app.

    Symantec fixed the integration issue with IBM Qradar.

    They updated to a new version.

    It works.



  • 7.  RE: ATP integration with IBM Qradar

    Posted Sep 30, 2024 06:56 PM

    It sounds like you've correctly configured the ATP app and log source in QRadar, but the logs are not reaching the SIEM.

    Here are a few steps to check:

    1. Verify that the ATP server is correctly forwarding logs to the QRadar instance.
    2. Ensure the log source in QRadar is set to receive data from ATP.
    3. Check network/firewall settings to ensure there's no blockage between ATP and QRadar.
    4. Review QRadar's logs for any errors related to the log source.

    If everything seems correct, try restarting the log source or re-authenticating the connection.