Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

IBM Security Trusteer Apex Local Event Aggregator

 

JSA can collect and categorize malware, exploit, and data exfiltration detection events from Trusteer Apex Local Event Aggregator.

To collect syslog events, you must configure your Trusteer Apex Local Event Aggregator to forward syslog events to JSA. Administrators can use the Apex L.E.A. management console interface to configure a syslog target for events. JSA automatically discovers and creates log sources for syslog events that are forwarded from Trusteer Apex Local Event Aggregator appliances. JSA supports syslog events from Trusteer Apex Local Event Aggregator V1304.x and later.

To integrate events with JSA, administrators can complete the following tasks:

  1. On your Trusteer Apex Local Event Aggregator appliance, configure syslog server.

  2. On your JSA system, verify that the forwarded events are automatically discovered.

Configuring Syslog for Trusteer Apex Local Event Aggregator

To collect events, you must configure a syslog server on your Trusteer Apex Local Event Aggregator to forward syslog events.

  1. Log in to the Trusteer Apex L.E.A. management console.
  2. From the navigation menu, select Configuration.
  3. To export the current Trusteer Apex Local Event Aggregator configuration, click Export and save the file.
  4. Open the configuration file with a text editor.
  5. From the syslog.event_targets section, add the following information:

    {

    host": "<JSA IP address>", "port": "514", "proto": "tcp"

    }

  6. Save the configuration file.
  7. From the navigation menu, select Configuration.
  8. Click Choose file and select the new configuration file that contains the event target IP address.
  9. Click Import.

    As syslog events are generated by the Trusteer Apex Local Event Aggregator, they are forwarded to the target specified in the configuration file. The log source is automatically discovered after enough events are forwarded to JSA. It typically takes a minimum of 25 events to automatically discover a log source.

Administrators can log in to the JSA console and verify that the log source is created. The Log Activity tab displays events from Trusteer Apex Local Event Aggregator.