Customer is a leading CASB Monitoring solution provider. They have a platform that provides the ease of use, visibility, continuous monitoring and investigation tools that security and compliance teams need to do their jobs at DevOps speed. The platform seamlessly integrates into multiple Cloud environments and provides a single pane of glass view into a compliance posture.
Client requested for the integration of their CASB product with the On-premise/Cloud-based QRadar so that they can monitor the Cloud through one SIEM console
Sacumen developed the QRadar app that polls events data from the SQS service. Customer pushes the event data to SQS. Customer QRadar app writes the event data in Syslog format over TCP
By configuring Customer log source to pick up the Syslog data and the custom event mapping feeds into QRadar, Customer event data is visible on QRadar console
QRadar app was developed for QRadar version 7.2.8 and above
Custom events regular expression configuration and other details packaged to make QRadar app deployment simpler