Environment
- Carbon Black Cloud Console: All Versions
- VMware Carbon Black Cloud App for IBM QRadar: Version 2.0.0
- IBM QRadar: Version 7.3.3 Patch 6 and higher
Objective
Steps to follow when troubleshooting a QRadar SIEM integration, either during initial setup or when an existing integration has stopped receiving events from the console with no changes to the environment.
Resolution
- Please follow the Installation and User Guide to ensure the integration has been set up correctly
- Verify that you are using the most up-to-date version of the CBC QRadar app
- Confirm that API keys and permissions are configured properly in the Carbon Black Cloud console, and that the correct API key is used in the QRadar app configuration
- Review the troubleshooting FAQ for any known issues
- Check inline network security controls for drops, blocks and pops
- Open a case with Carbon Black Technical Support and provide QRadar app logs and screenshots of all app configurations