Sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and
then remove any carriage returns or line feed characters.
Google Cloud Platform Firewall sample message when you use the Google Cloud Pub/Sub protocol
The following sample event message shows that traffic is allowed by Google Cloud Platform Firewall.
{"insertId":"a11aaaa1aa1aa1","jsonPayload":{"remote_location":{"country":"country","continent":"continent"},"instance":{"project_id":"qradar-gcp-blog-demo","region":"country","zone":"country-c","vm_name":"instance-1"},"disposition":"ALLOWED","vpc":{"subnetwork_name":"qradar-a11aaaa1aa1aa1-1","project_id":"qradar-gcp-blog-demo","vpc_name":"qradar-a11aaaa1aa1aa1-1"},"rule_details":{"reference":"network:qradar-a11aaaa1aa1aa1-1/firewall:allow-ssh","priority":65534,"direction":"INGRESS","ip_port_info":[{"port_range":["22"],"ip_protocol":"TCP"}],"source_range":["0.0.0.0/0"],"action":"ALLOW"},"connection":{"protocol":6,"dest_port":22,"dest_ip":"10.128.0.2","src_port":61572,"src_ip":"10.52.43.69"}},"resource":{"type":"gce_subnetwork","labels":{"project_id":"qradar-gcp-blog-demo","subnetwork_id":"8495198078164383457","subnetwork_name":"qradar-a11aaaa1aa1aa1-1","location":"country-c"}},"timestamp":"2020-08-19T22:01:42.473623155Z","logName":"projects/qradar-gcp-blog-demo/logs/compute.googleapis.com%2Ffirewall","receiveTimestamp":"2020-08-19T22:01:50.856989345Z"}
| QRadar field name | Highlighted payload field name |
|---|---|
| Event ID | disposition |
| Logsource Time | timestamp |
| Source IP | connection + src_ip |
| Source Port | connection + src_port |
| Destination IP | connection + dest_ip |
| Destination Port | connection + dest_port |
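As an added example (not part of the QRadar documentation), the following Python script applies the mapping table above to the sample event: it strips the carriage returns and line feeds that the note at the top warns about, parses the JSON, and returns the six QRadar fields, with None for any field an event lacks. The line wrapping inside SAMPLE_EVENT is constructed to imitate a paste from the documentation; the field values are the page's own.

```python
import json

# Copy of the page's sample event, wrapped across lines with CR/LF the way a
# paste from the documentation often arrives (the wrapping is constructed).
SAMPLE_EVENT = (
    '{"insertId":"a11aaaa1aa1aa1","jsonPayload":{"remote_location":{"country":"country",\r\n'
    '"continent":"continent"},"instance":{"project_id":"qradar-gcp-blog-demo","region":"country",\r\n'
    '"zone":"country-c","vm_name":"instance-1"},"disposition":"ALLOWED","vpc":{"subnetwork_name":\r\n'
    '"qradar-a11aaaa1aa1aa1-1","project_id":"qradar-gcp-blog-demo","vpc_name":"qradar-a11aaaa1aa1aa1-1"},\r\n'
    '"rule_details":{"reference":"network:qradar-a11aaaa1aa1aa1-1/firewall:allow-ssh","priority":65534,\r\n'
    '"direction":"INGRESS","ip_port_info":[{"port_range":["22"],"ip_protocol":"TCP"}],\r\n'
    '"source_range":["0.0.0.0/0"],"action":"ALLOW"},"connection":{"protocol":6,"dest_port":22,\r\n'
    '"dest_ip":"10.128.0.2","src_port":61572,"src_ip":"10.52.43.69"}},"resource":{"type":"gce_subnetwork",\r\n'
    '"labels":{"project_id":"qradar-gcp-blog-demo","subnetwork_id":"8495198078164383457",\r\n'
    '"subnetwork_name":"qradar-a11aaaa1aa1aa1-1","location":"country-c"}},\r\n'
    '"timestamp":"2020-08-19T22:01:42.473623155Z",\r\n'
    '"logName":"projects/qradar-gcp-blog-demo/logs/compute.googleapis.com%2Ffirewall",\r\n'
    '"receiveTimestamp":"2020-08-19T22:01:50.856989345Z"}'
)

# QRadar field name -> key path from the root of the event, per the mapping
# table ("connection + src_ip" lives under jsonPayload; timestamp is top level).
FIELD_MAP = {
    "Event ID": ("jsonPayload", "disposition"),
    "Logsource Time": ("timestamp",),
    "Source IP": ("jsonPayload", "connection", "src_ip"),
    "Source Port": ("jsonPayload", "connection", "src_port"),
    "Destination IP": ("jsonPayload", "connection", "dest_ip"),
    "Destination Port": ("jsonPayload", "connection", "dest_port"),
}


def normalize_sample(text: str) -> str:
    """Remove carriage returns and line feeds so the event is one line,
    which is what the integration check expects."""
    return text.replace("\r", "").replace("\n", "")


def extract_qradar_fields(raw_event: str) -> dict:
    """Parse one firewall event and return the fields the table maps."""
    event = json.loads(normalize_sample(raw_event))
    fields = {}
    for name, path in FIELD_MAP.items():
        node = event
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        fields[name] = node  # None when the event does not carry the field
    return fields


if __name__ == "__main__":
    for name, value in extract_qradar_fields(SAMPLE_EVENT).items():
        print(f"{name:17} {value}")
```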