To configure the Identity Manager Collector,
In the Event Source Management live view, right-click the Collection Manager, then click Add Collector.
Select NetIQ in the Vendor column.
Select Identity Manager in the Name column, then click Next.
From the Installed Scripts column, select NetIQ_Identity-Manager_6.1r7, then click Next.
Configure the Identity Manager Collector for your needs using the following information, then click Next:
|
Configuration Parameter |
Default Value |
Description |
|---|---|---|
|
Alert Unsupported Events |
no |
Generates an event for the event source data not handled by the Identity Manager Collector. |
|
Default Reporter Name |
DEFAULT_RN |
Populates the Reporter Name event tag with this text, if not handled in the collector script. |
|
Default Sensor Name |
DEFAULT_SN |
Populates the Sensor Name event tag with this text, if not handled in the collector script. |
|
Default Severity |
3 Medium (3) |
The default severity assigned to the events, if the severity mapping is not defined in the collector script. |
|
Event Source Missing Year |
yes |
Select whether to use the current year if year is not reported in the event source timestamp. |
|
Event Source Time Zone |
+0000 |
Sets the time zone offset UTC (+0000) of the event source data timestamps. This is used if the source data is reported only in local time with no time zone indicated. The format is + or - followed by a two digit hour and minute offset. |
|
Event Source Time uses 24 Hour Clock |
yes |
Select whether the time reported in the event source data is in the 24 hour format. |
|
Execution Mode |
release |
Sets the executions mode for the collector. There are three options:
|
|
IP To Country Mapping |
off |
Select whether to determine the source country from the Source IP. |
|
MSSP Customer Name |
|
|
|
Script Error Severity |
5 Severe (5) |
Sets the severity for a script error event. |
|
Send Script Error Message |
yes |
Sends a script error event when there is an error with the collector script. |
|
Taxonomy Filename |
tx_novl_idm_3x.csv |
The name of the taxonomy CSV file used by the collector script. |
|
Translate IP and hostname |
no |
Translates the IP address to the hostname and the hostname to the IP address for the source and destination, if it is missing. This parameter uses the packages with the collector. These files must be pre-filled with the host information if name resolution is desired. |
|
Unsupported Events Severity |
1 Trivial (1) |
Assigned severity for unhandled events generated by the collector script. |
|
Configuration Parameter |
Default Value |
Description |
|---|---|---|
|
Alert Unsupported Events |
no |
Generates an event for the event source data not handled by the Identity Manager Collector. |
|
Default Reporter Name |
DEFAULT_RN |
Populates the Reporter Name event tag with this text, if not handled in the collector script. |
|
Default Sensor Name |
DEFAULT_SN |
Populates the Sensor Name event tag with this text, if not handled in the collector script. |
|
Default Severity |
3 Medium (3) |
The default severity assigned to the events, if the severity mapping is not defined in the collector script. |
|
Event Source Missing Year |
yes |
Select whether to use the current year if year is not reported in the event source timestamp. |
|
Event Source Time Zone |
+0000 |
Sets the time zone offset UTC (+0000) of the event source data timestamps. This is used if the source data is reported only in local time with no time zone indicated. The format is + or - followed by a two digit hour and minute offset. |
|
Event Source Time uses 24 Hour Clock |
yes |
Select whether the time reported in the event source data is in the 24 hour format. |
|
Execution Mode |
release |
Sets the executions mode for the collector. There are three options:
|
|
IP To Country Mapping |
off |
Select whether to determine the source country from the Source IP. |
|
MSSP Customer Name |
|
|
|
Script Error Severity |
5 Severe (5) |
Sets the severity for a script error event. |
|
Send Script Error Message |
yes |
Sends a script error event when there is an error with the collector script. |
|
Taxonomy Filename |
tx_novl_idm_3x.csv |
The name of the taxonomy CSV file used by the collector script. |
|
Translate IP and hostname |
no |
Translates the IP address to the hostname and the hostname to the IP address for the source and destination, if it is missing. This parameter uses the packages with the collector. These files must be pre-filled with the host information if name resolution is desired. |
|
Unsupported Events Severity |
1 Trivial (1) |
Assigned severity for unhandled events generated by the collector script. |
Complete the configuration of the Identity Manager Collector with the following information, then click Finish:
Name: Specify a name for this connector.
Run: Select whether the connector is started whenever the Collector Manager is started.
Alert if no data received in specified time period: (Optional) Select this option to send the No Data Alert event to Sentinel if data is not received by the Connector in the specified time period.
Limit Data Rate: (Optional) Select this option to set a maximum limit on the rate of data the connector sends to Sentinel. If the data rate limit is reached, Sentinel throttles back on the source in order to limit the flow of data.
Set Filter: (Optional) Specify a filter on the raw data passing through the connector.
Trust Event Source Time: (Optional) Select this option if you trust the Event Source server’s time.
The next step is to proceed to Section 4.0, Installing the Audit and Syslog Connectors.