Amazon AWS Security Hub sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Because of formatting issues, paste the sample message into a text editor and then remove any carriage return or line feed characters so that the message is on a single line.

Amazon AWS Security Hub sample message when you use the Amazon Web Services protocol

{LogStreamName: SecurityHubLogStream,Timestamp:1568035216780,Message: {"version":"0","id":"2b91a1e3-38d5-0160-7d19-8b21b5359b4c","detail-type":"Security Hub Findings - Imported","source":"aws.securityhub","account":"111111111111","time":"2019-09-09T13:20:16Z","region":"us-east-1","resources":["..."],"detail":{"findings":[{"SchemaVersion":"2018-10-08","Id":"...","ProductArn":"arn:aws:securityhub:us-east-1::product/aws/guardduty","GeneratorId":"...","AwsAccountId":"111111111111","Types":["TTPs/UnauthorizedAccess:IAMUser-MaliciousIPCaller.Custom"],"FirstObservedAt":"2019-04-22T18:52:24.444Z","LastObservedAt":"...","CreatedAt":"...","UpdatedAt":"...","Severity":{"Product":5,"Normalized":50},"Title":"API GeneratedFindingAPIName was invoked from an IP address on a custom threat list.","Description":"API was invoked from an IP address on the custom threat list.","ProductFields":{},"Resources":[{"Type":"AwsIamAccessKey","Id":"AWS::IAM::AccessKey:GeneratedFindingAccessKeyId","Partition":"aws","Region":"us-east-1","Details":{"AwsIamAccessKey":{"UserName":"GeneratedFindingAWSService"}}}],"RecordState":"ACTIVE","WorkflowState":"NEW","approximateArrivalTimestamp":1568035214.555}]}},IngestionTime: 1568035216790,EventId: 34968353831733509797102082883407915803695330140453142528}