I want to forward SolarWinds Platform Audit Log events to a SIEM. Platform version: 2024.2.1
When you say SIEM, what exactly do you mean by that? (Which SIEM solution are you talking about?) Check if there is a SIEM agent that can be installed on SolarWinds Servers; if that can be done, I am sure the SIEM agent can read the logs from SolarWinds Servers. Hope this helps.
Hi vinay! The SIEM solution is IBM QRadar. Thanks for your suggestion. If you have any more information regarding QRadar then please share.
I haven't worked on IBM QRadar, but it seems like they have different options to do so:
1. Agent-based, which I mentioned in my previous point - https://www.ibm.com/docs/en/qradar-common?topic=installations-installing-wincollect-agent-windows-host
2. Looks like it also supports agentless - https://www.ibm.com/support/pages/qradar-agentless-windows-events-collection-using-msrpc-protocol-msrpc-faq
If you have access to raising a vendor support case with IBM, do raise a ticket and check what best suits your requirement.
Hope this helps.