AWS Config

The IBM QRadar DSM for AWS Config supports events that are collected from Amazon S3 buckets, and from a Log group in the AWS Config Logs.

The following table lists the specifications for the AWS Config DSM:

Table 1. AWS Config DSM specifications
| Specification | Value |
|---|---|
| Manufacturer | Amazon |
| DSM | AWSConfig |
| RPM name | DSM-AWSConfig-QRadar_version-Build_number.noarch.rpm |
| Supported protocols | Amazon AWS S3 REST API; Syslog |
| Event format | JSON |
| Automatically discovered? | Yes |
| Includes identity? | No |
| Includes custom properties? | Yes |
| More information | AWS Config |

If you want to collect AWS Config logs from Amazon S3 buckets, configure a log source on the QRadar Console so that AWS Config can communicate with QRadar by using the Amazon AWS S3 REST API protocol.

You must have your AWS user account access key and the secret access key values before you can configure a log source in QRadar. For more information, see Configuring security credentials for your AWS user account.