Configuring IBM Cloud Platform to communicate with QRadar

To collect IBM Cloud Platform events, you must configure your third-party instance to send events to QRadar.

Before you begin

You must have an app running in IBM Cloud so that you can create log drains.

Procedure

  1. From the Cloud Foundry command-line interface, type the following command to create a drain:

    cf cups drain_name -l syslog://QRadar_IP_Address:514

    Alternatively, to create a drain that uses syslog over TLS, use the following command:

    cf cups drain_name -l syslog-tls://QRadar_IP_Address:1513

    1513 is the port that is used to communicate with QRadar.

  2. Bind the service instance with the following command:
    cf bind-service BusinessApp_name drain_name
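
The two steps above as a shell helper that validates its inputs before calling `cf`; this is an added example, not part of IBM's documentation. The function names, the `DRY_RUN` variable and the sample address 192.0.2.10 are assumptions made for the example; the ports are the ones given in the procedure.

```shell
#!/bin/sh
# Added example (not IBM's code): build the drain URL for the two transports
# shown in the procedure, then create the drain and bind it to the app.

# drain_url TRANSPORT HOST
# Prints the drain URL, or returns 1 on an unsupported transport or bad host.
# Ports follow the procedure: 514 for syslog, 1513 for syslog-tls.
drain_url() {
    case "$1" in
        syslog)     port=514 ;;
        syslog-tls) port=1513 ;;
        *) echo "unsupported transport: $1" >&2; return 1 ;;
    esac
    # Accept only hostname / IPv4 characters so nothing else ends up in the URL.
    case "$2" in
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $2" >&2; return 1 ;;
    esac
    printf '%s://%s:%s\n' "$1" "$2" "$port"
}

# create_drain APP_NAME DRAIN_NAME TRANSPORT QRADAR_HOST
# With DRY_RUN=1 (a convention assumed for this example) the cf commands
# are printed instead of executed, so they can be reviewed first.
create_drain() {
    url=$(drain_url "$3" "$4") || return 1
    run=""
    [ "${DRY_RUN:-0}" = "1" ] && run="echo"
    # Step 1: create the user-provided service that acts as the log drain.
    $run cf cups "$2" -l "$url" || return 1
    # Step 2: bind the drain to the app whose events QRadar should receive.
    $run cf bind-service "$1" "$2"
}

# Usage (constructed values):
#   DRY_RUN=1 create_drain BusinessApp qradar-drain syslog-tls 192.0.2.10
```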