Hi
This is one of the strangest requests I have ever seen about cloud and log transfer.
Anyway, I will try to set it right.
First of all, from what you write it sounds like your QRadar is already running in the cloud. If you want to get logs from there to somewhere else, you use the log forwarder option rather than EC/EP. Those should exist already and are not needed. Of course, you have to set your cloud network and firewall correctly.
However, my guess is your cloud environment isn't set up to forward any logs at all yet. If that is the case, there are a hundred ways to pull your cloud-based logs to your on-prem QRadar, based on the cloud environment you have. Technology differs for AWS, MS, IBM and Google.
Please study the DSM guide first. You can use your on-prem EC/EP to do so. There is no need to set up an extra EC/EP in the cloud to achieve good results. Of course, you could do that theoretically; however, cloud-based log management is very different from an on-prem install and I doubt this will get you anywhere.
My 0.2 cents
Karl
------------------------------
[Karl] [Jaeger] [Business Partner]
[QRadar Specialist]
[pro4bizz]
[Karlsruhe] [Germany]
[4972190981722]
------------------------------
Original Message:
Sent: Mon September 04, 2023 01:22 PM
From: Punith Rajanna
Subject: Sending logs from cloud EC/EP to on-prem Qradar
Hello All,
We are working on integrating cloud logs to our on-prem QRadar setup. Please let us know how we can transfer the logs from the cloud by installing EC or EP and forward the logs to the on-prem deployment.
Any document around would be much appreciated.
Thanks in advance.
------------------------------
Punith Rajanna
------------------------------