Creating an EventBridge rule for sending events

You need to create and configure an Amazon EventBridge rule to send events from AWS Security Hub to an AWS CloudWatch log group.

Procedure

  1. Go to Amazon EventBridge.
  2. In the Create a new rule pane, click Create rule.
  3. In the Name and description pane, type a name for your rule in the Name field and, optionally, a description in the Description field.
  4. In the Define pattern pane, select Event pattern, and then select Pre-defined pattern by service to build an event pattern.
  5. From the Service provider list, select AWS.
  6. From the Service name list, select GuardDuty.
  7. From the Event type list, select All Events.
  8. In the Select event bus pane, select AWS default event bus.
  9. In the Select targets pane, from the Target list, select CloudWatch log group.
  10. In the Log Group: section, specify a new log group or select an existing log group from the list.
    Important: You need the name of the log group when you configure a log source in QRadar.
  11. Click Create.
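
The same rule built from a script with boto3, as an added example that is not part of the original documentation. The rule name, log group name, region and account ID are constructed placeholders, and the event source is a parameter that defaults to the service selected in step 6. Unlike the console, the API path does not create the CloudWatch Logs resource policy for you, so the script writes it explicitly.

```python
import json

def build_event_pattern(source="aws.guardduty"):
    """Pattern equivalent to picking a service and 'All Events' (steps 6-7)."""
    return {"source": [source]}

def log_group_arn(region, account_id, log_group):
    return f"arn:aws:logs:{region}:{account_id}:log-group:{log_group}"

def build_log_policy(region, account_id, log_group):
    """Resource policy allowing EventBridge to write only to this log group."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "EventBridgeToCloudWatchLogs",
            "Effect": "Allow",
            "Principal": {"Service": ["events.amazonaws.com",
                                      "delivery.logs.amazonaws.com"]},
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            # ":*" covers the log streams EventBridge creates in the group
            "Resource": log_group_arn(region, account_id, log_group) + ":*",
        }],
    }

def create_rule(rule_name, log_group, region, account_id, source="aws.guardduty"):
    import boto3  # imported here so the builders above work without the SDK
    events = boto3.client("events", region_name=region)
    logs = boto3.client("logs", region_name=region)
    try:
        logs.create_log_group(logGroupName=log_group)            # step 10
    except logs.exceptions.ResourceAlreadyExistsException:
        pass                                                     # reuse existing group
    logs.put_resource_policy(
        policyName=f"{rule_name}-to-logs",
        policyDocument=json.dumps(build_log_policy(region, account_id, log_group)))
    events.put_rule(Name=rule_name, EventBusName="default",      # steps 3-8
                    State="ENABLED",
                    EventPattern=json.dumps(build_event_pattern(source)))
    resp = events.put_targets(                                   # step 9
        Rule=rule_name, EventBusName="default",
        Targets=[{"Id": "cloudwatch-logs",
                  "Arn": log_group_arn(region, account_id, log_group)}])
    if resp["FailedEntryCount"]:
        raise RuntimeError(resp["FailedEntries"])
    return log_group  # the name needed later for the QRadar log source

if __name__ == "__main__":
    # Constructed placeholder values; replace with your own.
    print(create_rule("qradar-events", "/aws/events/qradar", "us-east-1", "111122223333"))
```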

What to do next

Creating an Identity and Access Management (IAM) user in the AWS Management Console