Amazon AWS permissions and QRadar Cloud Visibility capabilities
During the Amazon AWS account setup workflow, you must enable several permissions so that you can take advantage of all of the QRadar® Cloud Visibility capabilities.
The following table maps each permission to the capability that depends on it.
| Amazon AWS permission | QRadar Cloud Visibility capability |
|---|---|
| `iam:GetPolicy`, `iam:GetPolicyVersion`, `iam:ListAttachedRolePolicies` | AWS Account Setup / Validation and AWS API access (for assuming roles and calling APIs; needed by all features listed in this table) |
| `iam:GenerateCredentialReport`, `iam:GetCredentialReport` | IAM Best Practices |
| `cloudtrail:DescribeTrails`, `s3:GetBucketLocation` | CloudTrail Log Sources |
| `ec2:DescribeInstances`, `ec2:DescribeVpcs` | Network Hierarchy |
| `ec2:DescribeNetworkInterfaces` | VPC Flow Logs |
| `iam:ListAccessKeys`, `ec2:DescribeFlowLogs`, `logs:DescribeLogGroups`, `s3:GetBucketNotification`, `sns:ListSubscriptionsByTopic`, `s3:ListAllMyBuckets` | Additional requirements for log sources table in V1.3.0 |
| `securityhub:BatchImportFindings`, `securityhub:EnableImportFindingsForProduct` | Integration with Amazon Security Hub |
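The following script is an added example, not part of the QRadar documentation or product: it encodes the table above and reports which capabilities would fail for a given role, either offline from a set of known-allowed actions or, when AWS credentials are available, by querying the IAM policy simulator. The role ARN is a placeholder you supply; the caller needs `iam:SimulatePrincipalPolicy`.

```python
"""Check an IAM principal against the QRadar Cloud Visibility permission table."""
from __future__ import annotations
import sys

# Capability -> required actions, copied from the table above.
REQUIRED: dict[str, tuple[str, ...]] = {
    "AWS Account Setup / Validation & API access": (
        "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListAttachedRolePolicies"),
    "IAM Best Practices": ("iam:GenerateCredentialReport", "iam:GetCredentialReport"),
    "CloudTrail Log Sources": ("cloudtrail:DescribeTrails", "s3:GetBucketLocation"),
    "Network Hierarchy": ("ec2:DescribeInstances", "ec2:DescribeVpcs"),
    "VPC Flow Logs": ("ec2:DescribeNetworkInterfaces",),
    "Additional log source requirements (V1.3.0)": (
        "iam:ListAccessKeys", "ec2:DescribeFlowLogs", "logs:DescribeLogGroups",
        "s3:GetBucketNotification", "sns:ListSubscriptionsByTopic", "s3:ListAllMyBuckets"),
    "Integration with Amazon Security Hub": (
        "securityhub:BatchImportFindings", "securityhub:EnableImportFindingsForProduct"),
}

def all_actions() -> list[str]:
    """Every distinct action the table requires, sorted for stable output."""
    return sorted({a for acts in REQUIRED.values() for a in acts})

def missing_capabilities(allowed: set[str]) -> dict[str, list[str]]:
    """Map each capability that would not work to the actions it is missing."""
    gaps = {}
    for capability, acts in REQUIRED.items():
        denied = [a for a in acts if a not in allowed]
        if denied:
            gaps[capability] = denied
    return gaps

def simulate_allowed(role_arn: str) -> set[str]:
    """Ask the IAM policy simulator which required actions the role may call.
    Needs AWS credentials and iam:SimulatePrincipalPolicy; resource defaults to '*'."""
    import boto3  # imported lazily so the offline helpers run without it
    iam = boto3.client("iam")
    allowed: set[str] = set()
    for page in iam.get_paginator("simulate_principal_policy").paginate(
            PolicySourceArn=role_arn, ActionNames=all_actions()):
        for result in page["EvaluationResults"]:
            if result["EvalDecision"] == "allowed":
                allowed.add(result["EvalActionName"])
    return allowed

if __name__ == "__main__":
    # Usage: python check_qradar_perms.py arn:aws:iam::123456789012:role/QRadarRole (placeholder ARN)
    gaps = missing_capabilities(simulate_allowed(sys.argv[1]))
    for capability, denied in gaps.items():
        print(f"{capability}: missing {', '.join(denied)}")
    sys.exit(1 if gaps else 0)
```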