Log Export Service and QRadar using Kafka connector

Jay Jav
Tera Contributor

Hi,

I am going to implement Log Export Service with our Cloud QRadar SIEM tool.

According to the ServiceNow documentation, 3 options are available:

Doc:

https://docs.servicenow.com/bundle/xanadu-platform-security/page/administer/log-export-service/conce...

1. Dedicated MID Server: A dedicated MID Server is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytics tools via a REST connection.

2. Leverage a Kafka connector from your log analytics solution (for example, Splunk): A Kafka connector from your log analytics product of choice is installed on-prem or in the cloud that automatically connects to Hermes Messaging Service, pulls log events from it continuously and then pushes them to log analytics tools.

3. Directly from your Kafka system: Your Kafka system connects directly with the Hermes Messaging Service and uses its native Kafka protocol commands and connectivity to pull log events from it.


I am going to use option 2.

I have installed the LES on my ServiceNow instance and configured Hermes with the security keys.

[Attached diagram: log export service.drawio.png]

But I have a question about the Kafka connector: to implement it, should I run a Kafka server and then connect it with QRadar Cloud?

Or should IBM QRadar provide a connector that enables us to connect the ServiceNow LES to QRadar using Hermes Messaging directly?

I am a bit confused about the next step. Any experience?
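
Neither post names a ready-made QRadar connector, so here is an added example (not ServiceNow, IBM or community code) of what option 3 from the quoted doc amounts to in practice: a native Kafka consumer that reads the Hermes topic and forwards each event to QRadar as LEEF over syslog, the event format QRadar ingests natively. The broker address, topic name, consumer group, SASL mechanism, LEEF vendor/product labels and the LES event field names (`level`, `sys_created_on`, `message`, `user`, `ip`, `source`) are all assumptions for illustration; the sample records at the bottom are constructed, and one of them is deliberately corrupt to show that a bad event is counted and skipped rather than stalling the feed.

```python
"""Bridge: consume LES events from Kafka, emit LEEF over syslog to QRadar.

Added example, not ServiceNow or IBM code. Every topic, broker, credential
and event field named below is an assumption for illustration only.
"""
import json
import socket
from datetime import datetime, timezone

LEEF_VENDOR = "ServiceNow"          # assumed labels for the LEEF header
LEEF_PRODUCT = "LogExportService"
LEEF_VERSION = "1.0"
DELIM = "\t"                        # LEEF 1.0 attributes are tab-separated
SYSLOG_PRI = 13                     # facility user(1) * 8 + severity notice(5)
SEVERITY = {"error": 8, "warning": 5, "info": 3, "debug": 1}   # assumed level names -> QRadar sev 1..10
FIELD_MAP = {"user": "usrName", "ip": "src", "message": "msg"}  # assumed LES fields -> LEEF keys


def leef_escape(value):
    """A value must not contain the attribute delimiter or a line break."""
    return str(value).replace(DELIM, " ").replace("\r", " ").replace("\n", " ")


def to_leef(event):
    """Render one JSON log event (dict) as a LEEF 1.0 line.

    'level', 'sys_created_on' and the keys in FIELD_MAP are assumed event
    fields, not a documented LES schema; unknown keys pass through unchanged.
    """
    level = str(event.get("level", "info")).lower()
    header = "|".join(["LEEF:1.0", LEEF_VENDOR, LEEF_PRODUCT, LEEF_VERSION,
                       level.capitalize().replace("|", "_"), ""])
    when = event.get("sys_created_on") or datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    attrs = [("devTime", leef_escape(when)),
             ("devTimeFormat", "yyyy-MM-dd HH:mm:ss"),   # Java SimpleDateFormat, as QRadar expects
             ("sev", str(SEVERITY.get(level, 3)))]
    for key in sorted(event):
        if key in ("level", "sys_created_on"):
            continue
        attrs.append((FIELD_MAP.get(key, key), leef_escape(event[key])))
    return header + DELIM.join(f"{k}={v}" for k, v in attrs)


def to_syslog(leef_line, hostname="les-bridge", when=None):
    """Wrap a LEEF line in a minimal RFC 3164 syslog frame."""
    when = when or datetime.now(timezone.utc)
    return f"<{SYSLOG_PRI}>{when.strftime('%b %d %H:%M:%S')} {hostname} {leef_line}"


def bridge_records(raw_records, send):
    """Decode Kafka record values (UTF-8 JSON bytes) and forward each as syslog.

    Returns (forwarded, rejected). A malformed or non-object payload is counted
    and skipped rather than raised, so one bad event cannot stall the consumer.
    """
    forwarded = rejected = 0
    for raw in raw_records:
        try:
            text = raw.decode("utf-8") if isinstance(raw, (bytes, bytearray)) else raw
            event = json.loads(text)
            if not isinstance(event, dict):
                raise ValueError("event is not a JSON object")
        except ValueError:   # covers JSONDecodeError and UnicodeDecodeError
            rejected += 1
            continue
        send(to_syslog(to_leef(event)))
        forwarded += 1
    return forwarded, rejected


def udp_sender(host, port=514):
    """Return a send(line) callable that ships lines to a QRadar syslog listener over UDP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda line: sock.sendto(line.encode("utf-8"), (host, port))


def consume_from_kafka(bootstrap, topic, group_id, username, password, cafile, send):
    """Option 3 from the doc: speak native Kafka to the broker and bridge to QRadar.

    Uses kafka-python (pip install kafka-python). SASL_SSL with the PLAIN
    mechanism is an assumption about the broker; check what Hermes actually
    issues with its security keys. Offsets are committed only after a batch
    has been handed to the sender, so a crash replays rather than drops events.
    """
    from kafka import KafkaConsumer
    consumer = KafkaConsumer(topic, bootstrap_servers=bootstrap, group_id=group_id,
                             security_protocol="SASL_SSL", sasl_mechanism="PLAIN",
                             sasl_plain_username=username, sasl_plain_password=password,
                             ssl_cafile=cafile, enable_auto_commit=False)
    while True:
        batch = consumer.poll(timeout_ms=1000)
        raws = [rec.value for records in batch.values() for rec in records]
        if raws:
            bridge_records(raws, send)
            consumer.commit()


# Constructed sample payloads: one well-formed event, one corrupt, one wrong shape.
SAMPLE_RECORDS = [
    b'{"sys_created_on": "2024-05-01 10:15:00", "level": "Error", "source": "com.glide.script",'
    b' "message": "Script execution failed\\nstack", "user": "admin", "ip": "10.0.0.5"}',
    b"not json",
    b"[1, 2, 3]",
]

if __name__ == "__main__":
    lines = []
    print(bridge_records(SAMPLE_RECORDS, lines.append))   # offline run: (1, 2)
    for line in lines:
        print(line)
```

Run it as-is to see the offline sample converted; to point it at a real feed, replace the `SAMPLE_RECORDS` run with `consume_from_kafka(..., send=udp_sender("qradar-collector"))` once you know the broker, topic and authentication details Hermes actually issues. Whatever sits in `send` is the only QRadar-facing piece, so swapping UDP for TCP or TLS syslog does not touch the Kafka side.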

1 REPLY

SS6
Tera Expert

Hi, I'm in a similar situation, but I'm trying to make the logs available in a Microsoft product. However, I couldn't find any connectors that can subscribe to the Hermes Kafka topics and stream the data.