To collect IBM Cloud
Platform events, you must configure your third-party instance to send events to QRadar.
Before you begin
You must have an app running in IBM Cloud so that you can create log
drains.
Procedure
- From the Cloud Foundry command-line interface, type the
following command to create a drain:
cf cups drain_name -l syslog://QRadar_IP_Address:514
Alternatively, use the following command:
cf cups drain_name -l syslog-tls://QRadar_IP_Address:1513
1513
is the port that is used
to communicate with QRadar.
- Bind the service instance with the following command:
cf bind-service BusinessApp_name drain_name