Integrating with AWS Security Hub
Enable the Security Hub console of the AWS trusted account to receive offenses that are related to AWS log sources from QRadar®. Then, after configuration in IBM® QRadar Cloud Visibility, you can send the offenses to AWS Security Hub so that they can be viewed and analyzed with other findings.
You must have V1.2.4 of the content pack for Amazon AWS installed.
Before you begin
To enable the Security Hub on AWS to receive offenses from QRadar Cloud
Visibility, complete the following
- Log in to the Amazon console at https://console.aws.amazon.com (https://console.aws.amazon.com) of the trusted account that you created in t_Qapps_CSA_configure_trusted_AWS_account.html#task_ety_k32_fhb.
- Go to Security Hub and then click Enable Security Hub. , select
- On the Security Hub console, select Integrations, select IBM: QRadar SIEM from the providers list, and click Enable Integration.
To configure QRadar Cloud
Visibility to send
offenses to AWS Security Hub, complete the following steps:
- On the QRadar Console, click the Admin tab.
- Click .
- Click the AWS tab and select the Enable Amazon AWS dashboard and other capabilities checkbox.
- If you need a proxy server to connect to your Amazon AWS account, configure the settings in the Proxy configuration section, and then click Validate.
- Click AWS resource access permissions wizard.
- Select Modify AWS account credentials or integration options and click Next.
- Enter the AWS credentials.
- Select the AWS partition and regions where your AWS resources are located.
- Select the Enable AWS Security Hub integration checkbox, and enter the Security Hub account and region credentials.
- Optional: Select the Automatically send new and updated offenses to AWS Security Hub checkbox.
- Click Next and follow the wizard instructions as needed.
- When the wizard is complete, click Finish.
Sending offenses to AWS Security Hub