Symantec System Center - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual

77
Step 1
Step 2
S
YMANTEC
A STRM Symantec System Center (SSC) DSM retrieves events from a SSC
database using a custom STRM view. STRM records all SSC events. You must
configure the SSC database with a user that has read and write privileges for the
custom STRM view, which reports the correct information to STRM.
To integrate a SSC DSM with STRM:
In the Microsoft SQL Server database used by the SSC device, configure a custom
default view to support STRM:
Note: The database name must not contain any spaces.
CREATE VIEW dbo.vw_qradar AS SELECT
dbo.alerts.Idx AS idx,
dbo.inventory.IP_Address AS ip,
dbo.inventory.Computer AS computer_name,
dbo.virus.Virusname AS virus_name,
dbo.alerts.Filepath AS filepath,
dbo.alerts.NoOfViruses AS no_of_virus,
dbo.actualaction.Actualaction AS [action],
dbo.alerts.Alertdatetime AS [date]
dbo.clientuser.Clientuser AS user_name FROM
dbo.alerts INNER JOIN
dbo.virus ON dbo.alerts.Virusname_Idx =
dbo.virus.Virusname_Idx INNER JOIN
dbo.inventory ON dbo.alerts.Computer_Idx =
dbo.inventory.Computer_Idx INNER JOIN
dbo.actualaction ON dbo.alerts.Actualaction_Idx =
dbo.actualaction.Actualaction_Idx INNER JOIN
dbo.clientuser ON dbo.alerts.Clientuser_Idx =
dbo.clientuser.Clientuser_Idx
In the STRM interface, configure the JDBC protocol to interact with the created
STRM custom view.
Configuring DSMs Guide
S C
YSTEM ENTER