
Observe Oracle Cloud Infrastructure with IBM QRadar

Igor Aragao de Souza
Principal Big Data Consultant

Today, we’re excited to publish a reference solution for moving logs from Oracle Cloud Infrastructure (OCI) into IBM QRadar, a popular SIEM solution. 

With the Oracle Cloud Observability and Manageability platform, we aim to meet our customers where they are. We understand that customers may have standardized their operations on third-party tools. We want to be interoperable with those tools so that customers can adopt OCI with minimal retraining, re-architecture, and change in processes. This blog enables joint OCI and QRadar customers to use their existing investments for ingesting and analyzing OCI logs in QRadar.

Use cases

This reference solution enables the following use cases and more:

  • Running analytics on service, audit, and custom logs in QRadar.
  • Consolidating logs from multi-cloud and hybrid environments.
  • Similarly to logs, developers can use the OCI SDK for Monitoring to export metrics (for their applications and services running on OCI) to QRadar. Thanks to the openness and interoperability of OCI Logging and Monitoring, customers can unify their SIEM on the platform of their choice, in this case IBM QRadar.

Solution Overview: Instantly Visualize Your OCI Log Data in IBM QRadar with Oracle Streaming Service and Service Connector Hub

The solution uses the Service Connector Hub to read logs from OCI Logging and ingest them into the Streaming Service. IBM QRadar has an integrated Kafka consumer that connects to OCI Streaming, which is Kafka-compatible, and reads the data. For detailed steps on the OCI and QRadar integration, see our tutorial on the Learn page.

A graphic depicting the architecture connecting OCI services to IBM QRadar with the Service Connector Hub.
Figure 1: End-to-end flow.

About the Oracle Cloud Infrastructure services used in this solution

OCI Logging is a cloud-native, fully managed, distributed logging platform that simplifies ingesting, managing, and analyzing logs from your entire stack. The service brings all your logs into one view: infrastructure, application, audit, and database. To learn more about Logging, see Announcing the general availability of Oracle Cloud Infrastructure Logging. OCI Logging uses the open CloudEvents standard, which eases interoperability and helps avoid vendor lock-in.
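The two consumer-side pieces of the flow described above, as an added example that is not Oracle's or IBM's code: building the client properties a Kafka consumer needs to reach OCI Streaming's Kafka-compatible endpoint, and normalizing one CloudEvents-shaped OCI log record (as forwarded by Service Connector Hub) into the fields a SIEM rule would key on. Assumptions, labelled in the code: the SASL_SSL/PLAIN endpoint and the `<tenancy>/<user>/<stream pool OCID>` username format follow OCI's documented Kafka compatibility, and the sample audit record is constructed, not captured from a real tenancy.

```python
"""Consumer-side helpers for OCI Logging records delivered over OCI Streaming.

Added example, not code from the original post. Assumptions:
- OCI Streaming's Kafka endpoint uses SASL_SSL with the PLAIN mechanism, a
  username of the form "<tenancy>/<user>/<stream pool OCID>" and an auth
  token as password (per OCI's Kafka-compatibility documentation).
- Service Connector Hub forwards OCI Logging records as JSON objects shaped
  after the CloudEvents spec (specversion, id, source, type, time, data).
- SAMPLE_MESSAGE below is a constructed audit-style record, not real data.
"""
import json
from collections import Counter
from datetime import datetime

REQUIRED_CLOUDEVENTS_FIELDS = ("specversion", "id", "source", "type", "time", "data")


def kafka_consumer_config(region, tenancy, user, stream_pool_ocid, auth_token, group_id="qradar"):
    """Return the client properties a Kafka consumer needs for OCI Streaming."""
    if not all((region, tenancy, user, stream_pool_ocid, auth_token)):
        raise ValueError("every connection parameter is required")
    return {
        "bootstrap.servers": f"cell-1.streaming.{region}.oci.oraclecloud.com:9092",
        "security.protocol": "SASL_SSL",          # TLS in transit; never PLAINTEXT
        "sasl.mechanism": "PLAIN",
        "sasl.username": f"{tenancy}/{user}/{stream_pool_ocid}",
        "sasl.password": auth_token,              # an OCI auth token, not the user password
        "group.id": group_id,
        "auto.offset.reset": "earliest",
    }


def normalize_log_record(raw):
    """Parse one stream message into the fields a SIEM rule would key on.

    Raises ValueError for messages that are not well-formed CloudEvents logs,
    so a consumer can route them to a dead-letter topic instead of dropping
    them silently (a silently dropped audit event is a detection gap).
    """
    try:
        event = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from None
    missing = [f for f in REQUIRED_CLOUDEVENTS_FIELDS if f not in event]
    if missing:
        raise ValueError(f"missing CloudEvents fields: {missing}")
    data = event["data"]
    identity = data.get("identity", {})
    return {
        "event_id": event["id"],
        "event_type": event["type"],
        "source": event["source"],
        # CloudEvents times are RFC 3339; fromisoformat needs "+00:00" rather than "Z"
        "time": datetime.fromisoformat(event["time"].replace("Z", "+00:00")),
        "compartment": event.get("oracle", {}).get("compartmentid"),
        "principal": identity.get("principalName"),
        "client_ip": identity.get("ipAddress"),
        "action": data.get("eventName"),
        "http_status": data.get("response", {}).get("status"),
    }


def failed_requests_by_ip(records):
    """Count 401/403 responses per client IP over normalized records."""
    return Counter(r["client_ip"] for r in records if r["http_status"] in (401, 403))


# Constructed sample record in the CloudEvents-style layout of OCI Logging.
SAMPLE_MESSAGE = json.dumps({
    "specversion": "1.0",
    "id": "00000000-0000-0000-0000-000000000001",
    "source": "audit",
    "type": "com.oraclecloud.ExampleApi.GetResource",   # constructed type string
    "time": "2021-03-01T12:00:00.000Z",
    "oracle": {"compartmentid": "ocid1.compartment.oc1..EXAMPLE",
               "tenantid": "ocid1.tenancy.oc1..EXAMPLE"},
    "data": {
        "eventName": "GetResource",
        "identity": {"principalName": "alice@example.com", "ipAddress": "203.0.113.10"},
        "request": {"path": "/20200101/resources/ocid1.resource.oc1..EXAMPLE"},
        "response": {"status": 401},
    },
})

if __name__ == "__main__":
    cfg = kafka_consumer_config("us-ashburn-1", "mytenancy", "oci.user",
                                "ocid1.streampool.oc1..EXAMPLE", "<AUTH_TOKEN>")
    print(cfg["bootstrap.servers"], cfg["sasl.username"])
    record = normalize_log_record(SAMPLE_MESSAGE)
    print(record["principal"], record["action"], record["http_status"])
    print(failed_requests_by_ip([record]))
```

The consumer properties are deliberately returned as a plain dictionary so they can be fed to whichever Kafka client library (or QRadar's own Kafka log source form) you use; the normalizer keeps the CloudEvents envelope fields separate from the OCI-specific payload so the same code can ingest service and custom logs alongside audit logs.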

OCI Service Connector Hub moves data between services, both within OCI and from OCI to third-party tools. For extra processing and compliance storage needs, it moves data, such as logs from Logging and event streams from Streaming to services such as Object Storage, Streaming, Logging Analytics, and OCI Monitoring. It triggers functions for custom data processing and sends notifications about changes to cloud resources. To learn more about Service Connector Hub, see Oracle Cloud Infrastructure Service Connector Hub now generally available.

OCI Streaming is a real-time, serverless, Apache Kafka-compatible event streaming platform. This service provides out-of-the-box integrations for hundreds of third-party products across categories such as DevOps, databases, big data, and SaaS applications using the popular Kafka Connect.

Conclusion

In closing, this blog demonstrated how you can ingest logs from OCI Logging into IBM QRadar using Service Connector Hub and Oracle Streaming Service. You can use the same reference architecture to build other third-party integrations that solve your specific use cases.

We welcome you to sign up for the Oracle Cloud Free Trial or sign in to your account to experience this integration. We can’t wait to see what you build.
