Before you can add a log source that uses the Amazon Web Services protocol in IBM QRadar, you must create a Kinesis data stream and then create a real-time log configuration on the AWS Management Console.
Procedure
- On the AWS Management Console, create a Kinesis data stream. For more information, see Creating a stream via the AWS Management Console.
- On the AWS Management Console, create real-time logs. For more information, see Real-time logs.
- Create a real-time log configuration on the AWS Management Console.
Important: A real-time log configuration for QRadar requires all 40 fields to be configured. For more information, see Understanding real-time log configurations.
The position (index number) of each of the following fields must match the position documented in the Amazon AWS Fields documentation:
- timestamp
- c-ip
- sc-status
- x-edge
- x-edge-result-type
- c-port
- x-edge-detailed-result-type
For example, c-ip is in position 2 and x-edge-detailed-result-type is in position 33. Real-time log records are tab-separated values without field names, so a field that is configured at the wrong position is read by QRadar as a different field.
- Add an Amazon CloudFront log source in QRadar. For more information, see Adding an Amazon CloudFront log source by using the Amazon Web Services protocol and Kinesis Data Streams.
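The following Python script is an added example, not IBM or AWS code, that checks a real-time log configuration's field list before you point QRadar at the stream and then parses a record the way a positional parser would. The page only states the positions of c-ip (2) and x-edge-detailed-result-type (33); the full 40-field order in `EXPECTED_FIELDS`, and the positions derived from it for the other required fields, are taken from the AWS real-time log field list as the author understood it and should be verified against the current AWS documentation. The field list is the same list you see under Fields for the configuration in the console or in the output of `aws cloudfront get-realtime-log-config`. The sample record is constructed.

```python
"""Validate a CloudFront real-time log configuration's field order for QRadar
and parse one record positionally.

Added example, not IBM or AWS code. EXPECTED_FIELDS is the 40-field AWS
real-time log field order as understood by the author; verify it against the
current AWS documentation. The sample record below is constructed.
"""
import ipaddress

# All 40 real-time log fields in documented order. QRadar reads each record
# by position, so this order is part of the contract with the DSM.
EXPECTED_FIELDS = [
    "timestamp", "c-ip", "time-to-first-byte", "sc-status", "sc-bytes",
    "cs-method", "cs-protocol", "cs-host", "cs-uri-stem", "cs-bytes",
    "x-edge-location", "x-edge-request-id", "x-host-header", "time-taken",
    "cs-protocol-version", "c-ip-version", "cs-user-agent", "cs-referer",
    "cs-cookie", "cs-uri-query", "x-edge-response-result-type",
    "x-forwarded-for", "ssl-protocol", "ssl-cipher", "x-edge-result-type",
    "fle-encrypted-fields", "fle-status", "sc-content-type", "sc-content-len",
    "sc-range-start", "sc-range-end", "c-port", "x-edge-detailed-result-type",
    "c-country", "cs-accept-encoding", "cs-accept",
    "cache-behavior-path-pattern", "cs-headers", "cs-header-names",
    "cs-headers-count",
]

# Fields the QRadar documentation says must sit at their documented positions.
# Positions are 1-based and derived from EXPECTED_FIELDS (c-ip -> 2,
# x-edge-detailed-result-type -> 33, matching the documented examples).
REQUIRED_FIELDS = ["timestamp", "c-ip", "sc-status", "x-edge-location",
                   "x-edge-result-type", "c-port", "x-edge-detailed-result-type"]
REQUIRED_POSITIONS = {f: EXPECTED_FIELDS.index(f) + 1 for f in REQUIRED_FIELDS}


def validate_config_fields(fields):
    """Return a list of problems with a configured field list (empty = OK).

    `fields` is the ordered list shown under Fields for the configuration."""
    problems = []
    if len(fields) != 40:
        problems.append(f"expected 40 fields, got {len(fields)}")
    for name, pos in REQUIRED_POSITIONS.items():
        if name not in fields:
            problems.append(f"{name} missing")
        elif fields.index(name) + 1 != pos:
            problems.append(
                f"{name} at position {fields.index(name) + 1}, expected {pos}")
    return problems


def parse_record(line, fields=EXPECTED_FIELDS):
    """Split one tab-separated record into a dict keyed by field name.

    Raises ValueError when the value count does not match the field count,
    the symptom of a configuration with fewer or more than 40 fields. Type
    checks on the keyed fields surface a wrong order as a parse failure."""
    values = line.rstrip("\n").split("\t")
    if len(values) != len(fields):
        raise ValueError(
            f"record has {len(values)} values for {len(fields)} fields")
    rec = dict(zip(fields, values))
    rec["timestamp"] = float(rec["timestamp"])
    rec["c-ip"] = str(ipaddress.ip_address(rec["c-ip"]))
    rec["sc-status"] = int(rec["sc-status"])
    rec["c-port"] = int(rec["c-port"])
    return rec


# Constructed sample record: one value per field, "-" where CloudFront emits
# an empty value. Grouped to mirror EXPECTED_FIELDS line for line.
SAMPLE_VALUES = [
    "1700000000.123", "203.0.113.10", "0.002", "200", "1024",
    "GET", "https", "d111111abcdef8.cloudfront.net", "/index.html", "512",
    "IAD89-C1", "exampleRequestId", "www.example.com", "0.003",
    "HTTP/2.0", "IPv4", "Mozilla/5.0", "-",
    "-", "-", "Hit",
    "-", "TLSv1.3", "TLS_AES_128_GCM_SHA256", "Hit",
    "-", "-", "text/html", "1024",
    "-", "-", "51234", "Hit",
    "US", "gzip", "text/html",
    "*", "-", "-",
    "2",
]
SAMPLE_RECORD = "\t".join(SAMPLE_VALUES)

if __name__ == "__main__":
    print("correct config:", validate_config_fields(EXPECTED_FIELDS) or "OK")
    # Failure mode: c-ip and sc-status swapped in the console.
    swapped = list(EXPECTED_FIELDS)
    swapped[1], swapped[3] = swapped[3], swapped[1]
    print("swapped config:", validate_config_fields(swapped))
    print("39-field config:", validate_config_fields(EXPECTED_FIELDS[:-1]))
    rec = parse_record(SAMPLE_RECORD)
    print({k: rec[k] for k in REQUIRED_FIELDS})
```

Run the check against the field list of the configuration you created before adding the QRadar log source; an empty problem list means every required field is where the DSM expects it and the record parser will not misattribute values.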