Google Cloud Platform
Use the IBM® QRadar® Google Cloud Platform Content Extension to closely monitor your Google Cloud Platform deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as part of the automatic updates. If automatic updates are not enabled,
download the most recent version of the associated DSMs from IBM Fix Central
(https://www.ibm.com/support/fixcentral).
IBM Security QRadar Google Cloud Platform Content Extension 2.0.0
The following table shows the custom properties in IBM Security QRadar Google Cloud Platform Content Extension 2.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Machine ID | Yes | 1 | /"jsonPayload"/"instance"/"vm_name" |
| Region | Yes | 1 | /"resource"/"labels"/"location" |
| Resource Name | Yes | 1 | /"resource"/"type" |
| Rule Name | Yes | 1 | /"jsonPayload"/"rule_details"/"reference" |
| Target Machine Identifier | No | 1 | /"jsonPayload"/"remote_instance"/"vm_name" |
| VPC ID | Yes | 1 | /"jsonPayload"/"vpc"/"vpc_name" |
IBM Security QRadar Google Cloud Platform Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Google Cloud Platform Content Extension 1.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Application name | Yes | 1 | applicationName":"(.*?)" |
| File Directory | Yes | 1 | source_folder_id"\},+\{"multiValue":\["(.*?)"\] |
| File ID | Yes | 1 | doc_id".?"value":"(.*?)" |
| File Type | No | 1 | doc_type".?"value":"(.*?)" |
| Filename | Yes | 1 | doc_title".?"value":"(.*?)" |
| Image ID | Yes | 1 | sourceImage":"[^"]*\/images\/(.*?)" |
| Instance Size Type | Yes | 1 | machineType":"[^"]*\/machineTypes\/(.*?)" |
| Instance State | No | 1 | status":"(.*?)" |
| InstanceID | Yes | 1 | instance_id":"(.*?)" |
| MFA Used | Yes | 1 | boolValue":(.*?), |
| Machine ID | Yes | 1 | resourceName":"[^"]*\/instances\/(.*?)" |
| Message | No | 1 | message":"(.*?)" |
| Reason | Yes | 1 | reason":"(.*?)" |
| Region | Yes | 1 | resourceName":"[^"]*\/zones\/(.*?)/ zone":"(.*?)" |
| Resource Name | Yes | 1 | resourceName":"(.*?)" |
| Role Name | Yes | 1 | ROLE_NAME".?"value":"(.*?)" role":"roles\/(.*?)" |
| Service Name | Yes | 1 | serviceName":"(.*?)" |
| Target User Name | Yes | 1 | USER_EMAIL".?"value":"(.*?)" target_user".?"value":"(.*?)" members":\["user:(.*?)" |
| User Agent | No | 1 | callerSuppliedUserAgent":"(.*?)" |
| Volume ID | 1 | resourceName":"[^"]*\/disks\/(.*?)" source":"[^"]*\/disks\/(.*?)" disk_id":"(.*?)" |