If you want to collect AWS CloudTrail logs from Amazon S3 buckets, configure a log source on the QRadar Console so that Amazon AWS CloudTrail can communicate with QRadar by using the Amazon AWS S3 REST API protocol.
Procedure
- If automatic updates are not enabled, download and install the most recent version of the following RPMs from the IBM® Support Website onto your QRadar Console.
  - Protocol Common RPM
  - Amazon AWS S3 REST API Protocol RPM
  - DSMCommon RPM
  - Amazon Web Service RPM
  - Amazon AWS CloudTrail DSM RPM
- Choose which method you will use to configure an Amazon AWS CloudTrail log source by using the Amazon AWS S3 REST API protocol.