QMEA Microsoft Exchange Audit
Microsoft Exchange Audit for IBM Security QRadar SIEM is an application for exporting Microsoft Exchange Admin Audit and Mailbox Audit logs and forwarding log records via Syslog protocol (TCP/514) to the QRadar Console in near real time. The log format generated by QMEA is automatically recognized by QRadar, so there is no need to create a log source manually.
Supported Microsoft Exchange versions are:
- 2010 SP1+
The initial collection gets audit data for the last 1 hour. The previous collection time can be reset by clicking on the corresponding button in the configuration window to start another collection as an initial one. To minimize potential performance impact on Exchange Server, only the last 24-hour audit logs are being collected even if the previous collection occurred more than 24 hours ago.
QRadar Native Alternatives
These logs are not available via standard QRadar protocols. Third-party LogBinderEX solution is much more expensive and requires agent installation on target servers.
QMEA is a commercial application by ScienceSoft with some of its functionality available for free. QMEA license is required in case a user wants to collect data continuously in near real time. If no license is applied, data collection can only be performed once per 6 hours.
IBM App Exchange
QMEA Microsoft Exchange Audit is officially available at IBM Security App Exchange. Please, follow the link to download it now.