You can send offenses from IBM® QRadar® Cloud Visibility to the AWS Security Hub. The offenses are created as findings in Amazon AWS.
About this task
Ensure that all the trusted and trusting accounts are configured.
Procedure
- From the AWS Offense Overview tab, click any segment of a chart.
- Select the check boxes of the offenses that you want to send, and click Send to AWS Security Hub.
The following offense fields are sent to AWS Security Hub:
- name
- severity
- start_time
- last_updated_time
- status
The following fields from the events of the offense are also sent to AWS Security Hub:
- InstanceID
- AccountID
- ResourceID
- Region
- ImageID
- VPCID
- After you verify the submission results, close the message and return to the Overview tab by clicking Back.
- To automatically send new and updated offenses to AWS Security Hub, go to the configuration wizard on the Admin tab and complete the following steps:
- On the AWS tab, AWS resource access permissions wizard.
- Select Modify AWS account credentials or integration options and then click Next.
- Click , and then complete the wizard.
- To see a log of the findings that were sent to Security Hub, click View Logs.
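
The offense and event fields listed in the procedure, placed into the AWS Security Finding Format (ASFF) that Security Hub uses for findings, with a check for the ASFF required attributes. This is an added example, not IBM's code: the page does not document the app's actual mapping, so the offense `id`, epoch-millisecond times, severity thresholds, status mapping and all sample values are assumptions.

```python
from datetime import datetime, timezone

REQUIRED = ("SchemaVersion", "Id", "ProductArn", "GeneratorId", "AwsAccountId", "Types",
            "CreatedAt", "UpdatedAt", "Severity", "Title", "Description", "Resources")

def severity_label(sev):
    # Assumed thresholds for a 0-10 offense severity; ASFF defines only the labels.
    for floor, label in ((9, "CRITICAL"), (7, "HIGH"), (4, "MEDIUM"), (1, "LOW")):
        if sev >= floor:
            return label
    return "INFORMATIONAL"

def iso8601(epoch_ms):
    # ASFF timestamps are RFC 3339 UTC strings; epoch-millisecond input is an assumption.
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def offense_to_finding(offense, event, product_arn):
    region, account = event["Region"], event["AccountID"]
    arn = f"arn:aws:ec2:{region}:{account}:instance/{event['InstanceID']}"
    return {
        "SchemaVersion": "2018-10-08",
        "Id": f"qradar-offense/{offense['id']}",      # hypothetical stable finding id
        "ProductArn": product_arn,
        "GeneratorId": "qradar-cloud-visibility",      # hypothetical generator name
        "AwsAccountId": account,
        "Types": ["Unusual Behaviors"],
        "Title": offense["name"],
        "Description": offense["name"],
        "CreatedAt": iso8601(offense["start_time"]),
        "UpdatedAt": iso8601(offense["last_updated_time"]),
        "Severity": {"Label": severity_label(offense["severity"])},
        "Workflow": {"Status": "RESOLVED" if offense["status"] == "CLOSED" else "NEW"},
        "Resources": [{"Type": "AwsEc2Instance", "Id": event.get("ResourceID") or arn,
                       "Region": region,
                       "Details": {"AwsEc2Instance": {"ImageId": event["ImageID"],
                                                      "VpcId": event["VPCID"]}}}],
    }

def missing_required(finding):
    # Names of ASFF required attributes that are absent or empty in the finding.
    return [k for k in REQUIRED if not finding.get(k)]

# Constructed sample records (not real offenses or AWS resources).
OFFENSE = {"id": 42, "name": "Multiple failed console logins", "severity": 8,
           "start_time": 1700000000000, "last_updated_time": 1700003600000, "status": "OPEN"}
EVENT = {"InstanceID": "i-0123456789abcdef0", "AccountID": "111122223333",
         "ResourceID": "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0",
         "Region": "us-east-1", "ImageID": "ami-0abcdef1234567890", "VPCID": "vpc-0a1b2c3d"}
PRODUCT_ARN = "arn:aws:securityhub:us-east-1:111122223333:product/111122223333/default"
```

Running `missing_required` on a finding before import shows which attributes a partial offense record would leave empty.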