Configuring Cloudflare Logs to send events to IBM QRadar when you use the Amazon S3 REST API protocol
When you use the Amazon S3 REST API protocol, IBM® QRadar® collects Cloudflare Log events from an Amazon S3 bucket.
Before you begin
Complete the following steps:
- Configure your Cloudflare instance to push events by creating a Logpush job. For more information, see Manage via the Cloudflare UI (https://developers.cloudflare.com/logs/logpush/logpush-dashboard).
- To create a Logpush job to send Firewall events, you need to configure and manage jobs by using the Logpush API. For more information, see Manage via the Logpush API (https://developers.cloudflare.com/logs/logpush/logpush-configuration-api).
If the Logpush job is created in the Cloudflare UI or by using the Logpush REST API, you must complete the following procedure.
About this task
- Log in to the Cloudflare UI (https://dash.cloudflare.com/login).
- Select the site where you are configuring logs.
- Click .
- If the Pushing switch is in the off position, toggle the switch to On.
- Click Edit and then ensure that the appropriate fields are selected, based on which data set is selected.
  - HTTP requests - ClientRequestMethod, ClientIP, ClientSrcPort, EdgeResponseStatus, EdgeStartTimestamp
  - Firewall events - Action, Datetime, ClientIP
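The same two checks (pushing is on, required fields are selected) can be run against a job definition retrieved through the Logpush API. The following is an added example, not code from IBM or Cloudflare. It assumes the job JSON carries `dataset`, `enabled`, and either `output_options.field_names` or the older `logpull_options` string, and the sample jobs are constructed.

```python
import json
from urllib.parse import parse_qs

# Fields the procedure above says must be selected, keyed by Logpush dataset.
REQUIRED_FIELDS = {
    "http_requests": {"ClientRequestMethod", "ClientIP", "ClientSrcPort",
                      "EdgeResponseStatus", "EdgeStartTimestamp"},
    "firewall_events": {"Action", "Datetime", "ClientIP"},
}

def selected_fields(job):
    """Return the set of field names a Logpush job is configured to push."""
    names = (job.get("output_options") or {}).get("field_names")
    if names:
        return set(names)
    # Older jobs carry the list as a query string: "fields=A,B&timestamps=rfc3339"
    query = parse_qs(job.get("logpull_options") or "")
    return {f.strip() for value in query.get("fields", [])
            for f in value.split(",") if f.strip()}

def check_job(job):
    """Return a list of problems; an empty list means the job matches the procedure."""
    dataset = job.get("dataset")
    if dataset not in REQUIRED_FIELDS:
        return [f"dataset {dataset!r} is not covered by this procedure"]
    problems = []
    if not job.get("enabled"):
        problems.append("job is not enabled (Pushing switch is off)")
    missing = REQUIRED_FIELDS[dataset] - selected_fields(job)
    if missing:
        problems.append("missing fields: " + ", ".join(sorted(missing)))
    return problems

# Constructed sample job objects (not real API output).
SAMPLE_HTTP_JOB = json.loads("""{
  "dataset": "http_requests", "enabled": true,
  "logpull_options": "fields=ClientIP,ClientRequestMethod,EdgeResponseStatus,EdgeStartTimestamp&timestamps=rfc3339"
}""")
SAMPLE_FIREWALL_JOB = json.loads("""{
  "dataset": "firewall_events", "enabled": false,
  "output_options": {"field_names": ["Action", "ClientIP", "Datetime"]}
}""")

if __name__ == "__main__":
    for job in (SAMPLE_HTTP_JOB, SAMPLE_FIREWALL_JOB):
        print(job["dataset"], "->", check_job(job) or "OK")
```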
What to do next
Create an SQS Queue and configure S3 ObjectCreated Notifications.