Enable the Security Hub console of the AWS trusted account to receive offenses that are
related to AWS log sources from QRadar®. Then, after configuration
in IBM®
QRadar Cloud Visibility, you can send the
offenses to AWS Security Hub so that they can be viewed and analyzed with other
findings.
Before you begin
You must have V1.2.4 of the content pack for Amazon AWS installed.
Procedure
-
To enable the Security Hub on AWS to receive offenses from QRadar Cloud
Visibility, complete the following
steps:
-
Log in to the Amazon console at https://console.aws.amazon.com (https://console.aws.amazon.com) of the
trusted account that you created in t_Qapps_CSA_configure_trusted_AWS_account.html#task_ety_k32_fhb.
-
Go to , select Security Hub and then click Enable Security
Hub.
-
On the Security Hub console, select Integrations, select IBM:
QRadar SIEM from the providers list, and click Enable
Integration.
-
To configure QRadar Cloud
Visibility to send
offenses to AWS Security Hub, complete the following steps:
- On the QRadar
Console, click the Admin tab.
- Click .
- Click the AWS tab and select the
Enable Amazon AWS dashboard and other capabilities
checkbox.
-
If you need a proxy server to connect to your Amazon AWS account, configure the settings in the
Proxy configuration section, and then click
Validate.
-
Click AWS resource access permissions wizard.
- Select Modify AWS account credentials or integration options
and click Next.
- Enter the AWS credentials.
- Select the AWS partition and regions where your AWS resources are
located.
- Select the Enable AWS Security Hub integration checkbox, and
enter the Security Hub account and region credentials.
- Optional: Select the Automatically send new and updated
offenses to AWS Security Hub checkbox.
- Click Next and follow the wizard instructions as
needed.
- When the wizard is complete, click Finish.