You need to create and configure an Amazon EventBridge rule to send events from AWS Security Hub to an AWS CloudWatch log group.
Procedure
- Go to Amazon EventBridge.
- In the Create a new rule pane, click Create rule.
- In the Name and description pane, type a name for your rule in the Name field and if you want, type a description for your rule in the Description field.
- In the Define pattern pane, select Event pattern, and then select Pre-defined pattern by service to build an event pattern.
- From the Service provider list, select AWS.
- From the Service name list, select GuardDuty.
- From the Event type list, select All Events.
- In the Select event bus pane, select AWS default event bus.
- In the Select targets pane, from the Target list, select CloudWatch log group.
- In the Log Group: section, specify a new log group or select an existing log group from the list.
Important: You need the name of the log group when you configure a log source in QRadar.
- Click Create.
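
The same rule expressed as a CloudFormation template, as an added example that is not part of the original procedure or the vendor's own code; the rule name, log group name and policy name are placeholders. It uses the event pattern that the GuardDuty and All Events selections produce (`source` equal to `aws.guardduty`) and declares the log group resource policy that the console otherwise creates for you.

```yaml
# Added example: template equivalent of the console steps above.
# Assumptions: all names below are placeholders chosen for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: Send GuardDuty events from the default event bus to a CloudWatch log group

Parameters:
  LogGroupName:
    Type: String
    # Placeholder. This is the name you later enter in the QRadar log source.
    Default: /aws/events/guardduty-to-qradar

Resources:
  FindingsLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Ref LogGroupName

  # Without this policy the rule matches events but EventBridge cannot
  # write them, and the log group stays empty.
  EventBridgeToLogsPolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: eventbridge-to-guardduty-log-group
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "${FindingsLogGroup.Arn}"
          }]
        }

  GuardDutyToLogsRule:
    Type: AWS::Events::Rule
    DependsOn: EventBridgeToLogsPolicy
    Properties:
      Name: guardduty-to-cloudwatch-logs
      EventBusName: default            # "AWS default event bus" in the console
      State: ENABLED
      EventPattern:                    # Service name: GuardDuty, Event type: All Events
        source:
          - aws.guardduty
      Targets:
        - Id: cloudwatch-log-group
          # Target ARN is built without the trailing ":*" that the Arn attribute carries.
          Arn: !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${LogGroupName}"
```

After deployment, confirm that new log streams appear in the log group before you configure the QRadar log source; an empty log group usually points to the resource policy rather than the rule pattern.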