Configuring an Amazon AWS CloudTrail log source by using the Amazon Web Services protocol and CloudWatch Logs
To collect AWS CloudTrail logs from Amazon CloudWatch Logs, configure a log source on the QRadar Console so that Amazon AWS CloudTrail can communicate with QRadar by using the Amazon Web Services protocol.
Procedure
- Creating an Identity and Access Management (IAM) user in the AWS Management Console
- Creating a log group in Amazon CloudWatch Logs to retrieve logs in QRadar
- Configuring Amazon AWS CloudTrail to send log files to CloudWatch Logs
- Configuring security credentials for your AWS user account
- Adding an Amazon AWS CloudTrail log source by using the Amazon Web Services protocol and CloudWatch Logs