I’m trying to integrate indeni with QRadar. However, I do not find a DSM for indeni syslogs as expected. I’m wondering what the value of integrating indeni and QRadar is, other than the audit logs and compliance.
The QRadar integration docs always present this example:
The local facility, for example, local 3.
Please see this link for more details: https://www.ibm.com/support/knowledgecenter/en/SS42VS_DSM/t_dsm_guide_trend_micro_dd_inspectorV3_0_enable_comm.html?cp=SS42VS_7.2.8
Let us know if we’re sending the wrong values for Splunk/QRadar so we can make the appropriate adjustments.