IBM Sense
The JSA DSM for IBM Sense collects notable events from a local or external system that generates Sense events.
The following table describes the specifications for the IBM Sense DSM:

Specification | Value |
---|---|
Manufacturer | IBM |
DSM name | IBM Sense |
RPM file name | DSM-IBMSense-JSA_version-build_number.noarch.rpm |
Supported versions | 1 |
Protocol | Syslog |
Event format | LEEF |
Recorded event types | User Behavior, User Geography, User Time, User Access, User Privilege, User Risk, Sense Offense, Resource Risk |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | No |
More information | |

To integrate IBM Sense with JSA, complete the following steps:

1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from Juniper Downloads onto your JSA console:
   - IBM Sense DSM RPM
   - DSMCommon RPM
2. If JSA does not automatically detect the log source, add an IBM Sense log source on the JSA console. The following table describes the parameters that require specific values for IBM Sense event collection:

Table 2: IBM Sense Log Source Parameters

Parameter | Value |
---|---|
Log Source type | IBM Sense |
Protocol Configuration | Syslog |

The following table provides a sample event message:

Event name | Low level category | Sample log message |
---|---|---|
Behavior Change | User Behavior | |

Configuring IBM Sense to Communicate with JSA
The User Behavior Analytics (UBA) app uses the IBM Sense DSM to add user risk scores and offenses into JSA. When the app is installed, an IBM Sense log source is automatically created and configured by the app. No user input or configuration is required.