Amazon Web Services log source parameters for Amazon AWS Security Hub

Add an Amazon AWS Security Hub log source on the QRadar® Console to collect AWS CloudWatch logs by using the Amazon Web Services protocol.

When using the Amazon Web Services protocol to collect AWS CloudWatch logs, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect AWS CloudWatch logs with the Amazon Web Services protocol:
Table 1. Amazon Web Services log source parameters for the Amazon AWS Security Hub DSM
Parameter Value
Log Source type Amazon AWS Security Hub
Protocol Configuration Amazon Web Services
Log Source Identifier The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Amazon AWS Security Hub log source that is configured, you might want to identify the first log source as awssecurityhub1, the second log source as awssecurityhub2, and the third log source as awssecurityhub3.

For a complete list of Amazon Web Services protocol parameters and their values for collecting AWS CloudWatch logs, see Amazon Web Services protocol configuration options.