Getting started
Products concerned: SNS 4.x
Last update: December 2020
Among the cybersecurity components that can be deployed to secure a network, Stormshield’s SNS firewalls and IBM’s Security QRadar work together so that security operations center (SOC) analysts and administrators can fully trust the defenses that are implemented and obtain relevant information about events occurring on their networks.
As a cybersecurity vendor, Stormshield has protected organizations that host critical and highly sensitive infrastructures for the past 20 years with its firewall range. With Stormshield firewalls, administrators can secure their networks, monitor the nature of the data that their users share, and encrypt data through IPsec VPN tunnels. For the routine events that take place every day, Stormshield firewalls generate logs that keep administrators informed as soon as events occur on the network. The ability of Stormshield SNS firewalls to organize and categorize logs gives administrators a deeper understanding of what their firewalls process.
IBM’s Security QRadar Device Support Module (DSM) offers administrators and SOCs the possibility of integrating SNS firewall logs into IBM Security QRadar so that they can obtain relevant information in their security information and event management (SIEM) solution. With this combination, security teams can analyze network behavior in real time and detect threats that target their organization.
The IBM Security QRadar DSM for Stormshield firewalls makes it possible to analyze the following log categories:
- Authentication,
- Firewall,
- Intrusion prevention (IPS),
- Threat management (UTM),
- Sandboxing,
- System events,
- Alarms.
About this document
IBM QRadar is a security information and event management (SIEM) solution that enables the real-time analysis of security alerts generated by network-based applications and solutions.
This document explains how to integrate the Stormshield Network Security DSM into IBM QRadar.
Requirements and compatibility
- SNS DSM version: 1.0.0 (published: October 2020),
- IBM QRadar 7.3.2 and higher,
- SNS 3.7 and higher.