Google Cloud Platform - Cloud DNS sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage return or line feed characters.
Google Cloud Audit Logs sample message when you use the Google Cloud Pub/Sub protocol: list of objects retrieved
The following sample event message shows the retrieval of a list of objects that match the criteria that are provided. This retrieval is the result of an action that was taken by Google Cloud Storage.
{"insertId":"1es1wwue2wo69","jsonPayload":{"authAnswer":true,"destinationIP":"10.239.32.109","protocol":"UDP","queryName":"qradar74.googlecloud.integrationtesting.net.","queryType":"AAAA","responseCode":"NOERROR","serverLatency":0,"sourceIP":"10.194.97.4","structuredRdata":[]},"logName":"projects/qradar-iteam-262212/logs/dns.googleapis.com%2Fdns_queries","receiveTimestamp":"2022-06-09T20:03:20.12015449Z","resource":{"labels":{"location":"global","project_id":"qradar-iteam-262212","source_type":"internet","target_name":"googlecloud-integrationtesting-net","target_type":"public-zone"},"type":"dns_query"},"severity":"INFO","timestamp":"2022-06-09T20:03:19.792706324Z"}
| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | queryType + responseCode |
| Event Category | The value in QRadar is GoogleCloudDNS, which is the name of the service. |
| Logsource Time | timestamp |
| Destination IP | destinationIP |
| Source IP | sourceIP |
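
The mapping in the table above, applied to this page's sample after the carriage return and line feed removal that the Important note calls for. This is an added example, not IBM or QRadar code; `map_dns_event` and `parse_timestamp` are hypothetical names, and the input is the page's sample trimmed to the mapped fields with constructed line breaks.

```python
import ipaddress
import json
from datetime import datetime, timezone

# Constructed input: the page's sample trimmed to the mapped fields, with
# line breaks inserted where a copy from the rendered page might wrap.
PASTED = (
    '{"insertId":"1es1wwue2wo69","jsonPayload":{"destinationIP":"10.239.32.109",\r\n'
    '"queryName":"qradar74.googlecloud.\nintegrationtesting.net.","queryType":"AAAA",'
    '"responseCode":"NOERROR","sourceIP":"10.194.97.4"},\n'
    '"resource":{"type":"dns_query"},"timestamp":"2022-06-09T20:03:19.792706324Z"}'
)

def parse_timestamp(value):
    """Parse an RFC 3339 UTC timestamp, truncating nanoseconds to microseconds."""
    base, _, frac = value.rstrip("Z").partition(".")
    micros = int((frac + "000000")[:6])
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(microsecond=micros, tzinfo=timezone.utc)

def map_dns_event(pasted):
    """Return the fields from the page's mapping table for one Cloud DNS log entry."""
    # Step from the Important note: drop every carriage return and line feed.
    # A raw line break inside a JSON string would otherwise fail to parse.
    entry = json.loads(pasted.replace("\r", "").replace("\n", ""))
    if entry.get("resource", {}).get("type") != "dns_query":
        raise ValueError("not a Cloud DNS query log entry")
    payload = entry["jsonPayload"]
    return {
        # The page gives Event ID as queryType + responseCode; how QRadar joins
        # them is not shown, so the pair is kept as a tuple (assumption).
        "event_id": (payload["queryType"], payload["responseCode"]),
        "event_category": "GoogleCloudDNS",
        "logsource_time": parse_timestamp(entry["timestamp"]),
        # ip_address() rejects values that are not valid IPv4/IPv6 literals.
        "source_ip": ipaddress.ip_address(payload["sourceIP"]),
        "destination_ip": ipaddress.ip_address(payload["destinationIP"]),
    }

if __name__ == "__main__":
    for name, value in map_dns_event(PASTED).items():
        print(f"{name}: {value}")
```

Comparing these values with what the Log Activity view shows for the test event confirms that the payload was pasted intact.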