Amazon AWS S3 REST API log source parameters for Amazon AWS WAF
If QRadar does not automatically detect the log source, add an Amazon AWS WAF log source on the QRadar Console by using the Amazon AWS S3 REST API protocol.
When you use the Amazon AWS S3 REST API protocol, there are specific parameters that you must configure.
Parameter | Value |
---|---|
Log Source type | Amazon AWS WAF |
Protocol Configuration | Amazon AWS S3 REST API |
Log Source Identifier |
Type a unique name for the log source. The Log Source Identifier can be any valid value and does not need to reference a specific server. The Log Source Identifier can be the same value as the Log Source Name. If you have more than one Amazon AWS WAF log source that is configured, you might want to identify the first log source as awswaf1, the second log source as awswaf2, and the third log source as awswaf3. |
Authentication Method | Access Key ID / Secret Key |
Access Key | The Access key ID that you created when you configured your AWS security credentials. For more information, see Configuring security credentials for your AWS user account. |
Secret Key | The Secret access key that you created when you configured your AWS security credentials. For more information, see Configuring security credentials for your AWS user account. |
S3 Collection Method | SQS Event Notifications |
SQS Queue URL | The full URL that begins with https://, for the SQS Queue that is set up to receive notifications for ObjectCreated events from S3. |
Region Name | The region that is assigned to your Amazon AWS WAF. Example: us-east-2 |
Event Format | LINEBYLINE |
For a complete list of Amazon AWS S3 REST API protocol parameters and their values, see Amazon AWS S3 REST API protocol configuration options.