IBM Security QRadar

  • 1.  Postgres audit integration

    Posted Tue March 05, 2019 07:41 AM
    Hello,
    We need to integrate the audit logs of a postgres database to QRadar but we have not found any documentation. Is there someone to help us do this integration?
    Thanks in advance.

    Best regards.


    ------------------------------
    Mourad EL HADOUMI
    ------------------------------


  • 2.  RE: Postgres audit integration

    Posted Tue March 05, 2019 09:13 AM
    Hello Mourad,

    Have you tried using the JDBC Protocol? https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/c_logsource_JDBCprotocol.html?cp=SS42VS_7.3.2

    It does support Postgres; depending on what application uses the database, the logs will be different. The first step is to collect the logs and then create a parser. For all supported applications and solutions we have explicit instructions on how to collect those logs. I am assuming you are trying to collect custom application logs.

    Give it a try by using the Universal DSM and selecting JDBC protocol.


    ------------------------------
    Eduardo Torreblanca
    ------------------------------



  • 3.  RE: Postgres audit integration

    Posted Thu January 28, 2021 05:18 PM
    We have a need to do the same thing. Did anyone accomplish this successfully or find another solution?

    Wouldn't it be a pretty involved process to set up and configure the DSM regex?

    ------------------------------
    Chris Dixon
    ------------------------------



  • 4.  RE: Postgres audit integration

    IBM Champion
    Posted Fri January 29, 2021 07:07 AM
    If the Postgres is in AWS, you could use the AWS RDS logging plugin for Postgres. I've written an AWS RDS log parser that pulls from the AWS S3 bucket; it wasn't very hard.

    ------------------------------
    Frank Eargle
    ------------------------------



  • 5.  RE: Postgres audit integration

    Posted Tue June 06, 2023 10:07 AM

    Hi Frank,

    I have the same requirement in my environment. I am able to pull the logs to QRadar from the S3 bucket.

    However, I am facing issues while creating the parser. Could you please share some helpful content or related documentation on Event Mapping?

    Regards,

    SP



    ------------------------------
    SP
    ------------------------------



  • 6.  RE: Postgres audit integration

    Posted Fri May 12, 2023 11:00 AM

    Hello,

    This question seems to have had no answer since 2019.
    I am also looking for a way to integrate PostgreSQL audit logs with a SIEM, but have not found one yet. Can anyone share how you do it in your organization?

    Appreciate your sharing.

    Sokoeun



    ------------------------------
    Sokoeun LOEUN
    ------------------------------
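
One way to do the parsing step the thread asks about, as an added example that is not code from any poster or from IBM: it assumes the audit records come from the pgaudit extension and that the log prefix is `%t:%r:%u@%d:[%p]:` (neither is stated in the thread), and rewrites each record as LEEF, the key=value event format QRadar defines. The function names and the LEEF vendor, product and version strings are placeholders chosen here.

```python
import csv
import re

# Assumed line prefix: log_line_prefix '%t:%r:%u@%d:[%p]:', then a pgaudit record.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \w+:'
    r'(?P<remote>\[local\]|.+?\(\d+\)):'
    r'(?P<user>[^@]*)@(?P<db>[^:]*):\[\d+\]:'
    r'LOG:\s+AUDIT: (?P<audit>.*)$'
)
# pgaudit's comma-separated fields, in the order the extension writes them.
FIELDS = ("audit_type", "statement_id", "substatement_id", "class", "command",
          "object_type", "object_name", "statement", "parameter")
SAMPLE = [  # constructed log lines, not taken from a real system
    '2023-06-06 10:07:00 UTC:10.0.0.5(54321):appuser@appdb:[4242]:LOG:  AUDIT: '
    'SESSION,1,1,READ,SELECT,TABLE,public.account,"select id, name from account",<not logged>',
    '2023-06-06 10:07:01 UTC:10.0.0.5(54321):appuser@appdb:[4242]:LOG:  connection authorized: user=appuser',
]

def parse_line(line):  # dict for a single-line pgaudit record, None for anything else
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    row = next(csv.reader([m.group("audit")]), [])  # csv handles quoted SQL with commas
    if len(row) != len(FIELDS):
        return None  # truncated or multi-line statement: skip rather than guess
    event = dict(zip(FIELDS, row), ts=m.group("ts"), user=m.group("user"), db=m.group("db"))
    host, _, port = m.group("remote").rstrip(")").rpartition("(")
    event.update(src=host or m.group("remote"), src_port=port if host else "")
    return event

def clean(value):
    # SQL text is attacker-influenced: drop tab/CR/LF so it cannot forge LEEF attributes.
    return re.sub(r"[\t\r\n]+", " ", value)

def to_leef(event):
    # LEEF 1.0: pipe-delimited header, tab-delimited key=value attributes.
    event_id = re.sub(r"[^A-Za-z0-9]+", "_", f"{event['class']}_{event['command']}")
    attrs = {
        "devTime": event["ts"], "devTimeFormat": "yyyy-MM-dd HH:mm:ss",
        "src": event["src"], "srcPort": event["src_port"], "usrName": event["user"],
        "database": event["db"], "objectName": event["object_name"], "statement": event["statement"],
    }
    body = "\t".join(f"{k}={clean(v)}" for k, v in attrs.items() if v)
    return f"LEEF:1.0|PostgreSQL|pgaudit|1.0|{event_id}|{body}"  # header names are placeholders

if __name__ == "__main__":
    for ev in filter(None, map(parse_line, SAMPLE)):
        print(to_leef(ev))
```

With the event ID built from pgaudit's class and command (for example `READ_SELECT`), event mapping in the DSM can key on that one header field instead of a regex over the SQL text.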