Adding a Google Cloud Pub/Sub log source in QRadar

Set up a log source in IBM QRadar to use a custom log source type or an IBM log source type that supports the Google Cloud Pub/Sub protocol.

Before you begin

You can use the Google Cloud Pub/Sub protocol to retrieve any type of event from the Google Cloud Pub/Sub service. IBM provides DSMs for some Google Cloud services. Any services that don't have a DSM can be handled by using a custom log source type.

If you want to use an existing DSM to parse data, select the Use as a Gateway Log Source parameter option for more log sources to be created from data that is collected by this configuration. Alternatively, if log sources are not automatically detected, you can manually create them by using Syslog for the Protocol type parameter option.

Procedure

  1. Log in to QRadar.
  2. On the Admin tab, click the QRadar Log Source Management app icon.
  3. Click New Log Source > Single Log Source.
  4. On the Select a Log Source Type page, select a custom log source type or an IBM log source type that supports the Google Cloud Pub/Sub protocol.
  5. On the Select a Protocol Type page, from the Select Protocol Type list, select Google Pub/Sub Protocol.
  6. On the Configure the Log Source parameters page, configure the log source parameters, and then click Configure Protocol Parameters. For more information about configuring Google Cloud Pub/Sub protocol parameters, see Adding a Google Cloud Pub/Sub log source in QRadar.
  7. Test the connection to ensure that connectivity, authentication, and authorization are working. If available, view sample events from the subscription.
    1. Click Test Protocol Parameters, and then click Start Test.
    2. To fix any errors, click Configure Protocol Parameters, then test your protocol again.

    For more information about adding a log source in QRadar, see Adding a log source.