Hi QRadar Community! Just stopping by to let you know about a very exciting new integration between IBM Cloud Activity Tracker and IBM Security QRadar!
Activity Tracker is an IBM Cloud service that produces events when user-initiated activities change the state of a service in IBM Cloud. Activity Tracker empowers users to see, manage and analyze cloud actions and meets the security and regulatory needs of users. Some of the key functions of IBM Cloud Activity Tracker are:
- Identification of security incidents and detection of unauthorized access.
- High-level security governance for your IT resources in the cloud.
- Provides administrators with the ability to capture, store, view, search, and monitor API activity in a single place.
The IBM Security QRadar Team has developed a new Activity Tracker Device Support Module (DSM) for QRadar. This DSM allows users to ingest events from Activity Tracker into QRadar and gives Security Teams a single view of their IBM Cloud Activity Tracker data alongside events from the other security devices across their environments.
IBM Cloud Activity Tracker events are published in CADF format; they can then be streamed to an instance of the IBM Cloud Event Streams service and ingested into QRadar via our Kafka protocol.
This initial integration includes support for Platform and Infrastructure Services. Details about the data included in IBM Cloud Activity Tracker events can be found in the Activity Tracker documentation.
All of the configuration steps can be found in the QRadar Documentation: https://www.ibm.com/docs/en/dsm?topic=cloud-activity-tracker
Conclusion:
Will you try it out? Let me know!
Huge thanks to Amir Rached for excellent delivery work and the Activity Tracker Development team for their support!