Configuring an Amazon AWS CloudTrail log source by using the Amazon AWS S3 REST API protocol
If you want to collect AWS CloudTrail logs from Amazon S3 buckets, configure a log source on the QRadar® Console so that Amazon AWS CloudTrail can communicate with QRadar by using the Amazon AWS S3 REST API protocol.
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website onto your QRadar
- Protocol Common RPM
- Amazon AWS S3 REST API Protocol RPM
- DSMCommon RPM
- Amazon Web Service RPM
- Amazon AWS CloudTrail DSM RPM
- Choose which method you will use to configure an Amazon AWS CloudTrail log source by using the Amazon AWS S3 REST API protocol.