IBM Security QRadar

#BeyondTheDSMGuide: NEW Microsoft Cloud App Security Workflow

By Wendy Willner posted Sun February 28, 2021 07:39 AM

  

Hi QRadar Community,

I’d like to shoutout my teammates Charlie Ma, Oleksandr Havlovych, Mike Richards, and  Chris Collins  for their contributions to this project as well as my counterpart at Microsoft, Dan Benjamin.

Anyway, just stopping by to let you all know that IBM Security has just posted a new workflow to Github (here) which allows users to ingest data from Microsoft Cloud App Security (MCAS) via the MCAS Rest API into QRadar.

This is the latest use of the IBM Universal Cloud Connector which was developed and released in 2020.  The Universal Cloud Connector is designed to enable security teams to more easily ingest data from a wide range of REST API cloud-based applications and services for enhanced visibility. To address this new dynamic, the Universal Cloud Connector includes a new Universal Cloud REST API Protocol that enables you to create log sources for the acquisition of data from REST API compatible data sources that aren’t currently supported.

Instructions for using this workflow for ingesting MCAS data into QRadar are available on the GitHub. For any parsing needs, please leverage the DSM Editor and stay tuned for more updates to this integration.

Check out Jose Bravo’s video on this integration:Here!

Are you going to give it a try? If so, let me know how it goes! Please feel free to reach out to me directly (wendy.willner@ibm.com).

IBM Security QRadar Universal Cloud REST API Documentation
IBM Security QRadar Universal Cloud REST API GitHub Repository
IBM Security QRadar Analyst Workflow
IBM Security QRadar Log Source Management App
IBM Security QRadar DSM Editor
Jose Bravo Tutorials:
Universal Cloud REST API Protocol Part One 
Universal Cloud REST API Protocol Part Two 

Thanks,

Wendy Willner

1 comment
16 views

Permalink

Comments

Wed March 10, 2021 02:28 PM

Anyone have any parsing built for this integration?