Sending offenses to AWS Security Hub

You can send offenses from IBM® QRadar® Cloud Visibility to the AWS Security Hub. The offenses are created as findings in Amazon AWS.

About this task

Ensure that all the trusted and trusting accounts are configured.

Procedure

  1. From the AWS Offense Overview tab, click any segment of a chart.
  2. Select the check boxes of the offenses that you want to send, and click Send to AWS Security Hub.
    The following offense fields are sent to AWS Security Hub:
    • name
    • severity
    • start_time
    • last_updated_time
    • status
    The following fields from the events of the offense are also sent to AWS Security Hub:
    • InstanceID
    • AccountID
    • ResourceID
    • Region
    • ImageID
    • VPCID
  3. After you verify the submission results, close the message and return to the Overview tab by clicking Back.
  4. To automatically send new and updated offenses to AWS Security Hub, go to the configuration wizard on the Admin tab and complete the following steps:
    1. On the AWS tab, click AWS resource access permissions wizard.
    2. Select Modify AWS account credentials or integration options and then click Next.
    3. Click Enable AWS Security Hub integration > Automatically send new and updated offenses to AWS Security Hub, and then complete the wizard.
    4. To see a log of the findings that were sent to Security Hub, click View Logs.