IBM Security QRadar


Event Collector for GCP and O365

  • 1.  Event Collector for GCP and O365

    Posted Tue October 06, 2020 02:44 PM
    Dear all,

    We are trying to configure an EC to collect logs from GCP (using the GCP Pub/Sub DSM) and O365. It appears that the O365 logs end up within the log source of GCP and they are not recognized then.

    Is it actually possible to have a single EC to collect logs from GCP and O365?

    Trying to overcome the fact that the O365 logs are mixed into the GCP incoming logs, we have tried to add a new log source that recognizes O365 logs within GCP (regex within the Log Source Identifier Pattern), but that does not seem to work, as the O365 log is still unknown and unparsed.

    Any idea?

    Thanks in advance.
    Regards
    Olivier.

    ------------------------------
    Olivier Paridaens
    ------------------------------


  • 2.  RE: Event Collector for GCP and O365

    Posted Wed October 07, 2020 08:55 AM
    Hi Olivier,

    Yes, it is possible to collect many different types of logs from one EC. Likely you have a log source misconfiguration of some kind. If you can provide screenshots of your relevant log source configs I can likely point out the problem, or you can log a support case.

    Cheers
    Colin

    ------------------------------
    COLIN HAY
    IBM Security
    ------------------------------