Configuring an Amazon AWS CloudTrail log source by using the Amazon AWS S3 REST API protocol

If you want to collect AWS CloudTrail logs from Amazon S3 buckets, configure a log source on the QRadar Console so that Amazon AWS CloudTrail can communicate with QRadar by using the Amazon AWS S3 REST API protocol.

Procedure

  1. If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console.
    • Protocol Common RPM
    • Amazon AWS S3 REST API Protocol RPM
    • DSMCommon RPM
    • Amazon Web Service RPM
    • Amazon AWS CloudTrail DSM RPM
  2. Choose which method you will use to configure an Amazon AWS CloudTrail log source by using the Amazon AWS S3 REST API protocol.