Amazon AWS permissions and QRadar Cloud Visibility capabilities

During the Amazon AWS account setup workflow, you must grant several IAM permissions to the AWS principal that QRadar® Cloud Visibility uses, so that you can take advantage of all of its capabilities. Each capability needs its own set of permissions, and the account setup and AWS API access permissions are required by every capability.

The following table maps each permission to the QRadar Cloud Visibility capability that requires it.

Amazon AWS permission                         QRadar Cloud Visibility capability

iam:GetPolicy                                 AWS Account Setup / Validation & AWS API access
iam:GetPolicyVersion                          (for assuming roles and calling APIs; needed by
iam:ListAttachedRolePolicies                  all capabilities that are listed in this table)

iam:GenerateCredentialReport                  IAM Best Practices
iam:GetCredentialReport

cloudtrail:DescribeTrails                     CloudTrail Log Sources
s3:GetBucketLocation

ec2:DescribeInstances                         Network Hierarchy
ec2:DescribeVpcs

ec2:DescribeNetworkInterfaces                 VPC Flow Logs

iam:ListAccessKeys                            Additional requirements for the log sources table in V1.3.0
ec2:DescribeFlowLogs
logs:DescribeLogGroups
s3:GetBucketNotification
sns:ListSubscriptionsByTopic
s3:ListAllMyBuckets

securityhub:BatchImportFindings               Integration with Amazon Security Hub
securityhub:EnableImportFindingsForProduct
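The script below is an added example, not IBM's code and not part of the QRadar setup workflow. It transcribes the table into a permission-to-capability map, derives a single least-privilege identity policy from it, and checks an existing principal with the IAM policy simulator (the iam:SimulatePrincipalPolicy API through boto3), reporting which capabilities would not work and why. The policy document and the use of the simulator are this example's own choices; the simulator evaluates the principal's identity-based policies and does not replace a real test of QRadar assuming the role. The sample simulator output at the bottom is constructed for the offline run.

```python
"""Map QRadar Cloud Visibility capabilities to AWS permissions, emit a
least-privilege policy, and check a principal with the IAM policy simulator."""
import json

# Permission -> capability map, transcribed from the table on this page.
CAPABILITIES = {
    "AWS Account Setup / Validation & AWS API access": [
        "iam:GetPolicy",
        "iam:GetPolicyVersion",
        "iam:ListAttachedRolePolicies",
    ],
    "IAM Best Practices": [
        "iam:GenerateCredentialReport",
        "iam:GetCredentialReport",
    ],
    "CloudTrail Log Sources": [
        "cloudtrail:DescribeTrails",
        "s3:GetBucketLocation",
    ],
    "Network Hierarchy": ["ec2:DescribeInstances", "ec2:DescribeVpcs"],
    "VPC Flow Logs": ["ec2:DescribeNetworkInterfaces"],
    "Additional requirements for the log sources table in V1.3.0": [
        "iam:ListAccessKeys",
        "ec2:DescribeFlowLogs",
        "logs:DescribeLogGroups",
        "s3:GetBucketNotification",
        "sns:ListSubscriptionsByTopic",
        "s3:ListAllMyBuckets",
    ],
    "Integration with Amazon Security Hub": [
        "securityhub:BatchImportFindings",
        "securityhub:EnableImportFindingsForProduct",
    ],
}
BASE = "AWS Account Setup / Validation & AWS API access"  # needed by every capability


def all_actions():
    """Every permission in the table, de-duplicated and sorted."""
    return sorted({a for actions in CAPABILITIES.values() for a in actions})


def policy_document():
    """Identity policy granting exactly the table's permissions (example policy,
    not one published by IBM). Resource is "*" because the Describe*/List*/
    Generate* calls here are not resource-scoped; tighten it where AWS allows."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": all_actions(), "Resource": "*"}],
    }


def missing_capabilities(evaluation_results):
    """Map simulator EvaluationResults (EvalActionName / EvalDecision) to the
    capabilities that would not work, as {capability: [actions not allowed]}.
    An action absent from the results counts as not allowed. A denial in the
    base setup/API-access group is reported under every capability."""
    decision = {r["EvalActionName"]: r["EvalDecision"] for r in evaluation_results}
    base_denied = [a for a in CAPABILITIES[BASE] if decision.get(a) != "allowed"]
    missing = {}
    for cap, actions in CAPABILITIES.items():
        denied = [a for a in actions if decision.get(a) != "allowed"]
        if cap != BASE:
            denied = base_denied + denied
        if denied:
            missing[cap] = denied
    return missing


def simulate_live(principal_arn):
    """Live check (not run offline): needs AWS credentials that hold
    iam:SimulatePrincipalPolicy. Follows IsTruncated/Marker pagination."""
    import boto3  # imported here so the offline functions need no AWS SDK
    iam = boto3.client("iam")
    results, marker = [], None
    while True:
        kwargs = {"PolicySourceArn": principal_arn, "ActionNames": all_actions()}
        if marker:
            kwargs["Marker"] = marker
        page = iam.simulate_principal_policy(**kwargs)
        results.extend(page["EvaluationResults"])
        if not page.get("IsTruncated"):
            return results
        marker = page["Marker"]


# Constructed sample simulator output: everything allowed except one report call.
SAMPLE_RESULTS = [
    {"EvalActionName": a, "EvalDecision": "allowed"}
    for a in all_actions() if a != "iam:GetCredentialReport"
] + [{"EvalActionName": "iam:GetCredentialReport", "EvalDecision": "implicitDeny"}]

if __name__ == "__main__":
    print(json.dumps(policy_document(), indent=2))
    print(json.dumps(missing_capabilities(SAMPLE_RESULTS), indent=2))
```

On the constructed sample the report names only IAM Best Practices as unavailable, because iam:GetCredentialReport is the one denied action; if a permission from the setup and API access group were denied instead, every capability would be listed, which matches the table's note that those permissions are needed by all of them. To check a real role, call simulate_live with the role ARN and pass its result to missing_capabilities.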