Integrating with AWS Security Hub

Enable the Security Hub console of the AWS trusted account to receive offenses that are related to AWS log sources from QRadar®. Then, after configuration in IBM® QRadar Cloud Visibility, you can send the offenses to AWS Security Hub so that they can be viewed and analyzed with other findings.

Before you begin

You must have V1.2.4 of the content pack for Amazon AWS installed.


  1. To enable the Security Hub on AWS to receive offenses from QRadar Cloud Visibility, complete the following steps:
    1. Log in to the Amazon console at ( of the trusted account that you created in t_Qapps_CSA_configure_trusted_AWS_account.html#task_ety_k32_fhb.
    2. Go to Security, Identity, & Compliance, select Security Hub and then click Enable Security Hub.
    3. On the Security Hub console, select Integrations, select IBM: QRadar SIEM from the providers list, and click Enable Integration.
  2. To configure QRadar Cloud Visibility to send offenses to AWS Security Hub, complete the following steps:
    1. On the QRadar Console, click the Admin tab.
    2. Click Apps > Cloud Visibility > Configuration.
    3. Click the AWS tab and select the Enable Amazon AWS dashboard and other capabilities checkbox.
    4. If you need a proxy server to connect to your Amazon AWS account, configure the settings in the Proxy configuration section, and then click Validate.
    5. Click AWS resource access permissions wizard.
    6. Select Modify AWS account credentials or integration options and click Next.
    7. Enter the AWS credentials.
    8. Select the AWS partition and regions where your AWS resources are located.
    9. Select the Enable AWS Security Hub integration checkbox, and enter the Security Hub account and region credentials.
    10. Optional: Select the Automatically send new and updated offenses to AWS Security Hub checkbox.
    11. Click Next and follow the wizard instructions as needed.
    12. When the wizard is complete, click Finish.

What to do next

Sending offenses to AWS Security Hub