Before you can visualize your offense data in IBM®
QRadar® Cloud Visibility, you must download and
install the content extensions for the cloud services that you want to monitor. You can monitor
offenses from Amazon AWS, Microsoft Azure, and IBM Cloud services.
Procedure
-
Log in to IBM Security App Exchange
(https://exchange.xforce.ibmcloud.com/hub).
- Search for and download the following content extensions:
- IBM Security QRadar Custom
Properties for Amazon AWS
- IBM Security QRadar Custom
Properties for Microsoft Azure
- IBM Security QRadar Content
Extension for IBM Cloud
- IBM Security QRadar Content
Extension for Hybrid Cloud Use Cases
- On the Console, click the Admin tab, then click
Extensions Management in the System Configuration section.
- To upload an extension, click Add and select the extension that
you want to upload.
Note: The extension (.zip) must be downloaded to your local computer before it
can be uploaded to the Console.
- To install the extension immediately, select the Install
immediately check box and then click Add. A preview of the
content is displayed before the extension is installed, and the content items are compared to
content items that are already in the deployment. If the content items exist, you can choose to
overwrite them or to keep the existing data. If you choose to keep the existing data, no updated
content extension items are installed.
- Select Overwrite to add the new data to QRadar.
- After the extensions are added to QRadar, you can enable the
rules by clicking
.
- Select a group from the Group list, and enable the following rules
for each content extension:
- For AWS, select the Amazon AWS group. Select all rules that you want to
monitor, then click
.
- For Microsoft Azure, select the
Azure group. Select all rules that you want to monitor, then click
.
- For IBM Cloud, select the
IBM Cloud group. Select all rules that you want to monitor, then click
.