INSPIRA - Configuring Cisco Wireless LAN Controllers To QRadar SIEM - v1.0

Uploaded by

Alex Samuel

Document Name: INSPIRA-Configuring Cisco Wireless LAN Controllers to QRadar SIEM
Document Version: 1.0
Author (Name): Suppala Sathwik
Proposed by: Neel Shah
Approver 1: Neel Shah – Head – Implementation
Approver 2: Vandit Pandya – Head - MSSP
Date of Release: 15 May 2024
Review Period: Annually

Revision | Effective Date | Reason for Change
V1.0     | 15.05.2024     | Initial document


INSPIRA - Configuring Cisco Wireless LAN Controllers to QRadar SIEM

The IBM QRadar DSM for Cisco Wireless LAN Controllers collects events that are forwarded from
Cisco Wireless LAN Controller devices by using Syslog or SNMPv2.

If you collect events from Cisco Wireless LAN Controllers, select the best collection method for your
configuration. The Cisco Wireless LAN Controller DSM for QRadar supports both syslog and SNMPv2
events. However, syslog provides all available Cisco Wireless LAN Controller events, whereas
SNMPv2 sends only a limited set of security events to QRadar.

Configuring syslog for Cisco Wireless LAN Controller


You can configure the Cisco Wireless LAN Controller to forward syslog events to IBM QRadar.

Procedure

1. Log in to your Cisco Wireless LAN Controller interface.

2. Click the Management tab.

3. From the menu, select Logs > Config.

4. In the Syslog Server IP Address field, type the IP address of your QRadar Console.

5. Click Add.

6. From the Syslog Level list, select a logging level.

The Information logging level allows the collection of all Cisco Wireless LAN Controller events above
the Debug logging level.

7. From the Syslog Facility list, select a facility level.

8. Click Apply.

9. Click Save Configuration.

What to do next

You are now ready to configure a syslog log source for Cisco Wireless LAN Controller.
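
To confirm that the Syslog Level and Syslog Facility chosen in steps 6 and 7 are what actually reaches the receiver, the following added example (not part of the original document or of IBM or Cisco tooling) decodes the <PRI> header of captured syslog lines and counts mismatches. The sample lines, the choice of local0, and the standard syslog facility and severity names are assumptions made for illustration.

```python
import re
from collections import Counter

# Syslog severity and facility names indexed by numeric code (RFC 3164/5424).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Return (facility, severity) from a syslog line, or None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23*8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def check_capture(lines, expected_facility, configured_level):
    """Compare received lines with the facility and level set on the controller."""
    threshold = SEVERITIES.index(configured_level)
    report = {"ok": 0, "malformed": 0,
              "wrong_facility": Counter(), "below_level": Counter()}
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:
            report["malformed"] += 1
            continue
        facility, severity = decoded
        if facility != expected_facility:
            report["wrong_facility"][facility] += 1
        elif SEVERITIES.index(severity) > threshold:
            report["below_level"][severity] += 1  # less severe than configured
        else:
            report["ok"] += 1
    return report

# Constructed sample lines (not real controller output); only <PRI> is decoded.
SAMPLE = [
    "<134>constructed message",  # 16*8 + 6 = local0.informational
    "<131>constructed message",  # 16*8 + 3 = local0.error
    "<135>constructed message",  # 16*8 + 7 = local0.debug
    "<142>constructed message",  # 17*8 + 6 = local1.informational
    "constructed line with no priority header",
]

if __name__ == "__main__":
    print(check_capture(SAMPLE, "local0", "informational"))
```

A non-empty wrong_facility or below_level count means the controller is sending with a different facility or a more verbose level than the one selected.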

Syslog log source parameters for Cisco Wireless LAN Controller


If QRadar does not automatically detect the log source, add a Cisco Wireless LAN Controller log
source on the QRadar Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events
from Cisco Wireless LAN Controllers:

Configuring SNMPv2 for Cisco Wireless LAN Controller

SNMP event collection for Cisco Wireless LAN Controllers allows the capture of events for IBM QRadar.

About this task

The following events are collected:

• SNMP Config Event

• bsn Authentication Errors

• LWAPP Key Decryption Errors

Procedure
1. Log in to your Cisco Wireless LAN Controller interface.

2. Click the Management tab.

3. From the menu, select SNMP > Communities.

You can use one of the default communities that are created, or create a new community.

4. Click New.

5. In the Community Name field, type the name of the community for your device.

6. In the IP Address field, type the IP address of QRadar.

The IP address and IP mask that you specify define the address from which your Cisco Wireless LAN
Controller accepts SNMP requests. You can treat these values as an access list for SNMP requests.

7. In the IP Mask field, type a subnet mask.

8. From the Access Mode list, select Read Only or Read/Write.

9. From the Status list, select Enable.

10. Click Save Configuration to save your changes.

What to do next

You are now ready to create an SNMPv2 trap receiver.
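
Because the IP Address and IP Mask act as an access list for SNMP requests, a community entry can be checked before it is saved. This added example (not from the original document) audits constructed entries against a collector address; the field names, the 192.0.2.10 collector address, the treatment of the mask as an ordinary subnet mask, and the view that event collection does not need Read/Write access are assumptions.

```python
import ipaddress

def permitted_network(ip, mask):
    """Network admitted by an IP Address / IP Mask pair (host bits are ignored)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)

def audit_community(entry, collector_ip):
    """Return a list of findings for one SNMP community entry."""
    findings = []
    net = permitted_network(entry["ip"], entry["mask"])
    if entry["status"] != "Enable":
        findings.append("status is not Enable")
    if ipaddress.ip_address(collector_ip) not in net:
        findings.append(f"{collector_ip} is outside permitted range {net}")
    elif net.num_addresses > 1:
        # The access list is wider than the single collector that needs it.
        findings.append(f"{net} admits {net.num_addresses} source addresses")
    if entry["access_mode"] == "Read/Write":
        # Assumption: collecting events never requires SNMP write access.
        findings.append("Read/Write selected where Read Only is assumed sufficient")
    return findings

def audit_all(entries, collector_ip):
    """Map each community name to its findings."""
    return {e["name"]: audit_community(e, collector_ip) for e in entries}

# Constructed entries using documentation address ranges (RFC 5737).
COLLECTOR = "192.0.2.10"
ENTRIES = [
    {"name": "example-tight", "ip": "192.0.2.10", "mask": "255.255.255.255",
     "access_mode": "Read Only", "status": "Enable"},
    {"name": "example-wide", "ip": "192.0.2.0", "mask": "255.255.255.0",
     "access_mode": "Read/Write", "status": "Enable"},
    {"name": "example-miss", "ip": "198.51.100.7", "mask": "255.255.255.255",
     "access_mode": "Read Only", "status": "Enable"},
]

if __name__ == "__main__":
    for name, findings in audit_all(ENTRIES, COLLECTOR).items():
        print(name, findings or "no findings")
```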

Configuring a trap receiver for Cisco Wireless LAN Controller


Trap receivers that are configured on Cisco Wireless LAN Controllers define where the device can
send SNMP trap messages.

About this task

To configure a trap receiver on your Cisco Wireless LAN Controller, take the following steps:
Procedure
1. Click the Management tab.

2. From the menu, select SNMP > Trap Receivers.

3. In the Trap Receiver Name field, type a name for your trap receiver.

4. In the IP Address field, type the IP address of IBM QRadar.

The IP address you specify is the address to which your Cisco Wireless LAN Controller sends SNMP
messages. If you plan to configure this log source on an Event Collector, specify the
Event Collector appliance IP address.

5. From the Status list, select Enable.

6. Click Apply to commit your changes.

7. Click Save Configuration to save your settings.

What to do next

You are now ready to create an SNMPv2 log source in QRadar.

SNMPv2 log source parameters for Cisco Wireless LAN Controllers


If QRadar does not automatically detect the log source, add a Cisco Wireless LAN Controller log
source on the QRadar Console by using the SNMPv2 protocol.

The following table describes the parameters that require specific values to collect SNMPv2 events
from Cisco Wireless LAN Controllers:
