Oracle Cloud Infrastructure

The IBM QRadar DSM for Oracle Cloud Infrastructure (OCI) parses messages and events that are generated by OCI services to provide security insights and threat detection.

To integrate OCI with QRadar, complete the following steps:
  1. If automatic updates are not enabled, RPMs are available for download from the IBM support website. Download and install the most recent version of the following RPM on your QRadar Console:
    1. OracleCloudInfrastructure DSM RPM
  2. Configure your OCI account to send events to QRadar by selecting Log Source Type as Oracle Cloud Infrastructure instead of Universal DSM in Task 5.3.
  3. Configure the Apache Kafka Protocol to forward OCI logs and then add an OCI log source on the QRadar Console for proper parsing. For more information, see Apache Kafka protocol configuration options.