Hi QRadar Community,
I’d like to shout out my teammates Charlie Ma, Oleksandr Havlovych, Mike Richards, and Chris Collins for their contributions to this project, as well as my counterpart at Microsoft, Dan Benjamin.
Anyway, just stopping by to let you all know that IBM Security has just posted a new workflow to GitHub (here) which allows users to ingest data from Microsoft Cloud App Security (MCAS) into QRadar via the MCAS REST API.
This is the latest use of the IBM Universal Cloud Connector, which was developed and released in 2020. The Universal Cloud Connector is designed to let security teams more easily ingest data from a wide range of REST API cloud-based applications and services for enhanced visibility. To support this, the Universal Cloud Connector includes a new Universal Cloud REST API Protocol that enables you to create log sources for acquiring data from REST API compatible data sources that aren’t currently supported.
Instructions for using this workflow to ingest MCAS data into QRadar are available on GitHub. For any parsing needs, please leverage the DSM Editor, and stay tuned for more updates to this integration.
Check out Jose Bravo’s video on this integration: Here!
Are you going to give it a try? If so, let me know how it goes! Please feel free to reach out to me directly (firstname.lastname@example.org).
IBM Security QRadar Universal Cloud REST API Documentation
IBM Security QRadar Universal Cloud REST API GitHub Repository
IBM Security QRadar Analyst Workflow
IBM Security QRadar Log Source Management App
IBM Security QRadar DSM Editor
Jose Bravo Tutorials:
Universal Cloud REST API Protocol Part One
Universal Cloud REST API Protocol Part Two