Finding an S3 bucket name and directory prefix
An Amazon administrator must create a user and then apply the AmazonS3ReadOnlyAccess policy in the AWS Management Console. The QRadar user can then create a log source in QRadar.
Note: Alternatively, you can assign more granular permissions to the bucket. The minimum required
permissions are s3:listBucket and s3:getObject.
For more information about permissions that are related to bucket operations, go to the AWS documentation website.
Procedure
- Click Services.
- From the list, select Config.
- From the Config page, click the name of the Config.
- Note the name of the S3 bucket that is displayed in the S3 bucket field.
- Click the Edit icon.
- Note the location path for the S3 bucket that is displayed underneath the Log file prefix field.