Finding an S3 bucket name and directory prefix
Before you can add a log source in IBM® QRadar®, an Amazon administrator must create a user and then apply the AmazonS3ReadOnlyAccess policy in the AWS Management Console.
Alternatively, you can assign more granular permissions to the bucket. The minimum required permissions are s3:ListBucket and s3:GetObject.
Before you begin
For more information about permissions that are related to bucket operations, see the AWS documentation (https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html#using-with-s3-actions-related-to-buckets).
About this task
- Log in to the AWS Management Console as Administrator.
- Click Services.
- From the list, select Route 53.
- From the Route 53 navigation menu, select Query Logging.
- Note the S3 bucket name in the Destination ARN field. You need this value when you configure a log source in QRadar. If a location path (directory prefix) follows the S3 bucket name, note it as well.
Create an Amazon AWS Identity and Access Management (IAM) user in the AWS Management Console and then apply the AmazonS3ReadOnlyAccess policy.
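The granular alternative to AmazonS3ReadOnlyAccess, as an added example (not IBM or AWS code): it splits a Destination ARN into bucket name and directory prefix and builds a policy that grants only s3:ListBucket and s3:GetObject on that location. The sample ARN is constructed, the function names are hypothetical, and the s3:prefix condition assumes the QRadar log source is configured with the same directory prefix.

```python
import json

# Constructed sample value, in the form shown in the Destination ARN field.
SAMPLE_ARN = "arn:aws:s3:::example-dns-logs/route53/query-logs/"


def parse_s3_destination_arn(arn):
    """Return (partition, bucket, prefix) from an S3 ARN; prefix may be ''."""
    parts = arn.strip().split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "s3" or not parts[5]:
        raise ValueError("not an S3 ARN: %r" % arn)
    bucket, _, prefix = parts[5].partition("/")
    if not bucket:
        raise ValueError("ARN has no bucket name: %r" % arn)
    return parts[1], bucket, prefix.strip("/")


def build_read_policy(arn):
    """Build a read-only policy limited to one bucket and directory prefix."""
    partition, bucket, prefix = parse_s3_destination_arn(arn)
    bucket_arn = "arn:%s:s3:::%s" % (partition, bucket)
    # s3:ListBucket is a bucket-level action, so its Resource is the bucket.
    list_stmt = {"Sid": "ListLogPrefix", "Effect": "Allow",
                 "Action": "s3:ListBucket", "Resource": bucket_arn}
    if prefix:
        # Only allow listing keys under the noted directory prefix.
        list_stmt["Condition"] = {
            "StringLike": {"s3:prefix": [prefix, prefix + "/*"]}}
        object_arn = "%s/%s/*" % (bucket_arn, prefix)
    else:
        object_arn = bucket_arn + "/*"
    # s3:GetObject is an object-level action, so its Resource is the keys.
    get_stmt = {"Sid": "ReadLogObjects", "Effect": "Allow",
                "Action": "s3:GetObject", "Resource": object_arn}
    return {"Version": "2012-10-17", "Statement": [list_stmt, get_stmt]}


if __name__ == "__main__":
    _, bucket, prefix = parse_s3_destination_arn(SAMPLE_ARN)
    print("Bucket name:     ", bucket)
    print("Directory prefix:", prefix or "(none)")
    print(json.dumps(build_read_policy(SAMPLE_ARN), indent=2))
```

Unlike AmazonS3ReadOnlyAccess, which allows read access to every bucket in the account, the generated policy names only the bucket and prefix that hold the query logs.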