If you want to collect AWS Verified Access logs from Amazon S3 buckets, configure a log
source on the QRadar
Console so that AWS
Verified Access can communicate with QRadar by using the Amazon AWS S3
REST API protocol.
Procedure
- If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website onto your QRadar
Console.
- Protocol Common RPM
- Amazon AWS S3 REST API Protocol RPM
- DSMCommon RPM
- Amazon Web Service RPM
- AWS Verified Access DSM RPM
- Choose which method that you want to use to configure an AWS Verified Access log source
by using the Amazon AWS S3 REST API protocol.