Integrating with Amazon Detective
Configure the Amazon Detective integration so that QRadar® Cloud Visibility can send offenses for further investigation.
- On the QRadar Console, click the Admin tab.
- Click .
- Click the AWS tab and select the Enable Amazon AWS dashboard and other capabilities checkbox.
- If you need a proxy server to connect to your Amazon AWS account, configure the settings in the Proxy configuration section, and then click Validate.
- Click AWS resource access permissions wizard.
- Select Modify AWS account credentials or integration options and click Next.
- Enter the AWS credentials.
- Select the AWS partition and regions where your AWS resources are located.
- Select the Enable Amazon Detective integration checkbox, and enter the Security Hub account and region credentials.
- Select one of the following options to complete the configuration;
- Click Next and follow the wizard instructions as needed.
- When the wizard is complete, click Finish.
Adding a custom event property for the GuardDuty FindingID