Google Cloud Platform
Use the IBM Security QRadar Google Cloud Platform Content Extension to closely monitor your Google Cloud Platform deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Google Cloud Platform Content Extension 2.0.0
The following table shows the custom properties in IBM Security QRadar Google Cloud Platform Content Extension 2.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Machine ID | Yes | 1 | /"jsonPayload"/"instance"/"vm_name" |
| Region | Yes | 1 | /"resource"/"labels"/"location" |
| Resource Name | Yes | 1 | /"resource"/"type" |
| Rule Name | Yes | 1 | /"jsonPayload"/"rule_details"/"reference" |
| Target Machine Identifier | No | 1 | /"jsonPayload"/"remote_instance"/"vm_name" |
| VPC ID | Yes | 1 | /"jsonPayload"/"vpc"/"vpc_name" |
IBM Security QRadar Google Cloud Platform Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Google Cloud Platform Content Extension 1.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Application name | Yes | 1 | applicationName":"(.*?)" |
| File Directory | Yes | 1 | source_folder_id"\},+\{"multiValue":\["(.*?)"\] |
| File ID | Yes | 1 | doc_id".?"value":"(.*?)" |
| File Type | No | 1 | doc_type".?"value":"(.*?)" |
| Filename | Yes | 1 | doc_title".?"value":"(.*?)" |
| Image ID | Yes | 1 | sourceImage":"[^"]*\/images\/(.*?)" |
| Instance Size Type | Yes | 1 | machineType":"[^"]*\/machineTypes\/(.*?)" |
| Instance State | No | 1 | status":"(.*?)" |
| InstanceID | Yes | 1 | instance_id":"(.*?)" |
| MFA Used | Yes | 1 | boolValue":(.*?), |
| Machine ID | Yes | 1 | resourceName":"[^"]*\/instances\/(.*?)" |
| Message | No | 1 | message":"(.*?)" |
| Reason | Yes | 1 | reason":"(.*?)" |
| Region | Yes | 1 | resourceName":"[^"]*\/zones\/(.*?)/ zone":"(.*?)" |
| Resource Name | Yes | 1 | resourceName":"(.*?)" |
| Role Name | Yes | 1 | ROLE_NAME".?"value":"(.*?)" role":"roles\/(.*?)" |
| Service Name | Yes | 1 | serviceName":"(.*?)" |
| Target User Name | Yes | 1 | USER_EMAIL".?"value":"(.*?)" target_user".?"value":"(.*?)" members":\["user:(.*?)" |
| User Agent | No | 1 | callerSuppliedUserAgent":"(.*?)" |
| Volume ID | 1 | resourceName":"[^"]*\/disks\/(.*?)" source":"[^"]*\/disks\/(.*?)" disk_id":"(.*?)" |