Integrating with Amazon Detective

Configure the Amazon Detective integration so that QRadar® Cloud Visibility can send offenses for further investigation.

Procedure

  1. On the QRadar Console, click the Admin tab.
  2. Click Apps > Cloud Visibility > Configuration.
  3. Click the AWS tab and select the Enable Amazon AWS dashboard and other capabilities checkbox.
  4. If you need a proxy server to connect to your Amazon AWS account, configure the settings in the Proxy configuration section, and then click Validate.
  5. Click AWS resource access permissions wizard.
  6. Select Modify AWS account credentials or integration options and click Next.
  7. Enter the AWS credentials.
  8. Select the AWS partition and regions where your AWS resources are located.
  9. Select the Enable Amazon Detective integration checkbox, and enter the Security Hub account and region credentials.
  10. Select one of the following options to complete the configuration:
  11. Click Next and follow the wizard instructions as needed.
  12. When the wizard is complete, click Finish.

What to do next

Adding a custom event property for the GuardDuty FindingID