Configuring Google Cloud Audit Logs to communicate with QRadar

Before you can add a log source in IBM QRadar, you must set up a functioning Pub/Sub system on your Google Cloud console.

Procedure

  1. Create a Google account. For more information, see Create a Google Account (https://support.google.com/accounts/answer/27441?hl=en).
  2. Set up a Pub/Sub system on your Google Cloud console. For more information, see Quickstart: building a functioning Pub/Sub system ( https://cloud.google.com/pubsub/docs/quickstart-py-mac).
    Important: When you create service account credentials on the Google Cloud platform, use the following service account credentials:
    {
      "type": "service_account",
      "project_id": "<project_id>",
      "private_key_id": "<private_key_id>",
      "private_key": “<private_key>",
      "client_email": "<client_email>",
      "client_id": "1111111111111111111",
      "auth_uri": "https://accounts.google.com/o/oauth2/auth",
      "token_uri": "https://oauth2.googleapis.com/token",
      "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
      "client_x509_cert_url": "< client_x509_cert_url >"
    }
    

What to do next

Add a log source in QRadar. For more information, see Google Cloud Pub/Sub protocol log source parameters for Google Cloud Audit Logs.