Configuring an Amazon AWS Route 53 log source by using an S3 bucket with a directory prefix
You can collect AWS Route 53 Resolver query logs from a single account and region in an Amazon S3 bucket. Add a log source on the QRadar® Console so that Amazon AWS Route 53 can communicate with QRadar by using the Amazon AWS S3 REST API protocol with a directory prefix.
Before you begin
About this task
Procedure
- Configure Resolver query logging. When you configure the Query logs destination parameter, select S3 bucket for the value.
- Find an S3 bucket name and directory prefix for Amazon AWS Route 53.
- Create an Amazon AWS Identity and Access Management (IAM) user and then apply the AmazonS3ReadOnlyAccess policy.
- Configure the security credentials for you AWS user account.
- Amazon AWS S3 REST API log source parameters for Amazon AWS Route 53 when using a directory prefix.