Configuring an Amazon AWS Route 53 log source by using the Amazon Web Services protocol and CloudWatch logs

To collect AWS Route 53 public DNS query logs or Resolver query logs, or both, from Amazon CloudWatch logs, add a log source on the QRadar® Console by using the Amazon Web Services protocol.

Procedure

  1. Create a log group in Amazon CloudWatch Logs from which QRadar retrieves the logs.
    Important: For public DNS query logs, the log group must be in the US East (N. Virginia) region.
  2. Configure AWS Route 53 to send logs to a log group in AWS CloudWatch Logs.
  3. Create an Identity and Access Management (IAM) user in the AWS Management Console.
  4. Configure security credentials for your AWS user account.
  5. Configure the Amazon Web Services log source parameters for Amazon AWS Route 53.
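
A preflight sketch for steps 1 to 4, added here and not taken from the IBM or AWS documentation: it rejects a public DNS log group outside US East (N. Virginia), builds the CloudWatch Logs resource policy that Route 53 needs in order to write to the group, and builds a read-only IAM policy scoped to that one group. The sample ARN, account ID, log group name and the collector's action list are assumptions; confirm the permissions QRadar requires against its IAM user instructions.

```python
import json
import re

PUBLIC_DNS_REGION = "us-east-1"  # US East (N. Virginia), required for public DNS query logs
ARN_RE = re.compile(r"^arn:aws:logs:([a-z0-9-]+):(\d{12}):log-group:([A-Za-z0-9_./#-]+)$")
# Constructed sample: placeholder account ID and a hypothetical log group name.
SAMPLE_ARN = "arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/example.com"

def base_arn(arn):
    """Return the log group ARN without a trailing ':*' stream wildcard."""
    return arn[:-2] if arn.endswith(":*") else arn

def parse_log_group_arn(arn):
    """Split a CloudWatch Logs log group ARN into region, account and name."""
    m = ARN_RE.match(base_arn(arn))
    if not m:
        raise ValueError(f"not a log group ARN: {arn}")
    return {"region": m.group(1), "account": m.group(2), "name": m.group(3)}

def check_public_dns_log_group(arn):
    """Reject a public DNS query log destination outside US East (N. Virginia)."""
    parts = parse_log_group_arn(arn)
    if parts["region"] != PUBLIC_DNS_REGION:
        raise ValueError(f"public DNS logs need {PUBLIC_DNS_REGION}, got {parts['region']}")
    return parts

def route53_resource_policy(arn):
    """CloudWatch Logs resource policy that lets Route 53 write to the log group."""
    check_public_dns_log_group(arn)
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "route53.amazonaws.com"},
        "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": base_arn(arn) + ":*",
    }]}

def collector_read_policy(arn):
    """Read-only IAM policy for the collector user, scoped to one log group."""
    parse_log_group_arn(arn)
    base = base_arn(arn)
    # Assumption: a generic log-reader action set, not a list published for QRadar.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource": "*"},
        {"Effect": "Allow", "Resource": [base, base + ":*"],
         "Action": ["logs:DescribeLogStreams", "logs:GetLogEvents", "logs:FilterLogEvents"]},
    ]}

if __name__ == "__main__":
    for policy in (route53_resource_policy(SAMPLE_ARN), collector_read_policy(SAMPLE_ARN)):
        print(json.dumps(policy, indent=2))
```

The first document is what `aws logs put-resource-policy` takes as its policy document; the second is attached to the IAM user whose access key is entered in the log source.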