Amazon AWS Security Hub

The IBM® QRadar® DSM for Amazon AWS Security Hub collects events from the AWS CloudWatch log group of Amazon CloudWatch service.

To integrate Amazon AWS Security Hub with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM support website (https://www.ibm.com/support).
    • DSM Common RPM
    • Protocol Common RPM
    • Amazon Web Services Protocol RPM
    • Amazon AWS Security Hub DSM RPM
  2. Create and configure an Amazon EventBridge rule to send events from AWS Security Hub to AWS CloudWatch log group. For more information, see Creating an EventBridge rule for sending events.
  3. Create an Identity and Access (IAM) user in the Amazon AWS user interface when using the Amazon Web Services protocol. For more information, see Creating an Identity and Access (IAM) user in the AWS Management Console.
  4. Add an Amazon AWS Security Hub log source on the QRadar Console. For more information, see Amazon Web Services log source parameters for Amazon AWS Security Hub.