If you want to collect AWS CloudTrail logs from Amazon CloudWatch logs, configure a log
source on the QRadar®
Console so that
Amazon AWS CloudTrail can communicate with QRadar by using the Amazon Web
Services protocol.
Procedure
-
If automatic updates are not enabled, download and install the most recent version of the
following RPMs from the IBM® Support Website onto your QRadar
Console:
- Protocol Common
- Amazon AWS REST API Protocol RPM
- Amazon Web Services Protocol RPM
- DSMCommon RPM
- Amazon AWS CloudTrail DSM RPM
- Choose which method you will use to configure an Amazon AWS CloudTrail log source by
using the Amazon Web Services protocol.