One of the Syslog formats supported by App Control is Q1Labs LEEF (Log Event Extended Format), which you can use to integrate App Control event logs with QRadar SIEM or QRadar Log Manager.

You configure Syslog integration on the Events tab of the System Configuration page in the App Control Console.

This section describes setup of QRadar Log Manager to accept App Control events, and the mapping of App Control event fields to Q1Labs LEEF fields. See your QRadar documentation for full information about QRadar and LEEF capabilities.

Note: If you are running App Control version 8.1.0 or later, you must update the QRadar DSM module for App Control to at least the July 2017 version released by QRadar. This will enable QRadar to properly parse App Control 8.0- and 8.1-specific events. The previous DSM module for Bit9 Security Platform can still be used to integrate older versions of the Bit9 product with QRadar.