QRadar Configuration

Log Source for CDC Events

QRadar will try to create a Log Source automatically once it begins receiving CDC events, but you may need to create one manually. To do so, perform the following.

1. In QRadar, navigate to Admin → Log Sources.

2. Click + New Log Source.

3. Select Single Log Source.

4. Search for the Infoblox CDC log source type.

5. Search for the Syslog protocol.

6. Configure Log Source Parameters:

   1. Set the Name to Infoblox-CDC.
      NOTE: If you change this name, you will also need to change Logsource parameter in the Pulse dashboards to match.

   2. Set the Extension to InfobloxCDCCustom_ext.

   3. Set Store Event Payloads to True.

   4. Set Coalescing Events to Disabled.

   5. Set other settings as desired.

7. Set a relevant Log Source Identifier.

8. Set the Incoming Payload Encoding to UTF-8.

9. Click Finish.