Send Gitlab events to qradar

Hello Team,
is it possible to send Gitlab events like push events comments etc… to qradar.
any details about the exact process?
is there any documentation about achieving this integration?

Thanks in Advance.

Since audit events for the type of information you are looking for requires a subscription - unless you have Premium or even Ultimate subscription you aren’t going to be able to do this. See below for more info:

Other people have managed to do it using what appears in the logs, so you can configure syslog to forward to qradar. However, as I said, depending on what subscription you have will decide how much audit information you will get.

I have the free trial of the ultimate subscription,

So to do that, I should use syslog.
I tried to set a log source based on HTTP receiver in qradar and use gitlab webhooks but it didn’t work.

Take a look at streaming audit events, it may be what you’re looking for. I don’t know qradar to know if it can ingest the events sent from GitLab. There is a streaming event for code push.

2 Likes