AWS Config
The IBM QRadar DSM for AWS Config supports events that are collected from Amazon S3 buckets, and from a Log group in the AWS Config Logs.
The following table lists the specifications for the AWS Config DSM:
Specification | Value |
---|---|
Manufacturer |
Amazon |
DSM |
AWSConfig |
RPM name | DSM-AWSConfig-QRadar_version- Build_number.noarch.rpm |
Supported protocols |
|
Event format |
JSON |
Automatically discovered? | Yes |
Includes identity? | No |
Includes custom properties? | Yes |
More information |
If you want to collect AWS Config logs from Amazon S3 buckets, configure a log source on the QRadar Console so that AWS Config can communicate with QRadar by using the Amazon AWS S3 REST API protocol.
You must have your AWS user account access key and the secret access key values before you can configure a log source in QRadar. For more information, see Configuring security credentials for your AWS user account.