IBM Security QRadar

  • 1.  Google Cloud Platform

    Posted Fri September 11, 2020 08:52 AM

    Hi everyone,

    We have integrated logs via Pub/Sub from our different projects on Google Cloud Platform to our QRadar. However, we have seen that there is no official DSM to parse these logs.

    Does anyone know if there is any 'unofficial' DSM published anywhere? GCP has hundreds of types of logs and to parse each one individually...

    Thank you in advance!

    Álvaro



    ------------------------------
    ALVARO GARNICA NAVARRO
    ------------------------------


  • 2.  RE: Google Cloud Platform

    Posted Tue October 27, 2020 11:05 AM
    Hi Álvaro,

    There are a couple of official DSMs that work with the Google Pub/Sub protocol:

    - Google Cloud Audit
    - Google Cloud Platform Firewall

    Both are available from Fix Central:

    https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.4.0&platform=Linux&function=all#DSM
    https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=Linux&function=all#DSM

    Cheers
    Colin

    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------