Creating an EventBridge rule for sending events
You need to create and configure an Amazon EventBridge rule to send events from AWS Security Hub to AWS CloudWatch log group.
- Go to Amazon EventBridge (https://console.aws.amazon.com/events/home?region=us-east-1#/).
- In the Create a new rule pane, click Create rule.
- In the Name and description pane, type a name for your rule in the Name field and if you want, type a description for your rule in the Description field.
- In the Define pattern pane, select Event pattern, and then select Pre-defined pattern by service to build an event pattern.
- From the Service provider list, select AWS.
- From the Service name list, select GuardDuty.
- From the Event type list, select All Events.
- In the Select event bus pane, select AWS default event bus.
- In the Select targets pane, from the Target list, select CloudWatch log group.
- In the Log Group: section, specify a new log group or select an
existing log group from the list. Important: You need the name of the log group when you configure a log source in QRadar®.
- Click Create.
Creating an Identity and Access (IAM) user in the AWS Management Console