Configuring Amazon Elastic Kubernetes Service to communicate with QRadar
Before you can add a log source in IBM QRadar, you must enable logging on your Amazon AWS console.
Before you begin
You must have a cluster that is created in the Amazon Container Services application. For more information about creating clusters, see your Amazon Elastic Kubernetes Service (Amazon EKS) documentation (https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html).
Procedure
- Log in to your IAM console (https://console.aws.amazon.com/iam/).
- Click .
- From the Clusters list, select the cluster that you want to use, then click the Configuration tab.
- Click the Logging tab and then enable the options that you want the logging service to monitor.
- To create the log group, click Manage logging.
- To view the log group, click . The log group displays in the Log groups list as /aws/eks/<cluster name>/cluster.
- Click .
- Click the Details tab, then record the Cluster ARN value. You need this value for the Log Group parameter value when you add a log source in QRadar.
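To confirm the result of the procedure, the following added example (not part of the IBM documentation) parses the JSON that `aws eks describe-cluster` returns and reports which control plane log types are enabled, the log group name to expect, and the Cluster ARN to record. The sample JSON, cluster name, and account ID are constructed, and the function name is hypothetical.

```python
import json

# The five EKS control plane log types, using the AWS names.
EKS_LOG_TYPES = ("api", "audit", "authenticator", "controllerManager", "scheduler")

# Constructed sample of `aws eks describe-cluster --name demo-cluster` output,
# trimmed to the fields used here. Cluster name and account ID are placeholders.
SAMPLE_DESCRIBE_CLUSTER = json.dumps({
    "cluster": {
        "name": "demo-cluster",
        "arn": "arn:aws:eks:us-east-1:111122223333:cluster/demo-cluster",
        "logging": {"clusterLogging": [
            {"types": ["api", "audit", "authenticator"], "enabled": True},
            {"types": ["controllerManager", "scheduler"], "enabled": False},
        ]},
    }
})


def summarize_eks_logging(describe_cluster_json):
    """Hypothetical helper: collect the values the procedure asks you to check."""
    cluster = json.loads(describe_cluster_json)["cluster"]
    enabled = set()
    # Each clusterLogging entry lists log types plus one shared enabled flag.
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return {
        "cluster_arn": cluster["arn"],
        # Log group naming as given in the procedure: /aws/eks/<cluster name>/cluster
        "log_group": "/aws/eks/{}/cluster".format(cluster["name"]),
        "enabled": sorted(enabled),
        "disabled": [t for t in EKS_LOG_TYPES if t not in enabled],
    }


if __name__ == "__main__":
    summary = summarize_eks_logging(SAMPLE_DESCRIBE_CLUSTER)
    print("Cluster ARN:", summary["cluster_arn"])
    print("Log group:  ", summary["log_group"])
    print("Enabled:    ", ", ".join(summary["enabled"]) or "none")
    print("Disabled:   ", ", ".join(summary["disabled"]) or "none")
    if "audit" in summary["disabled"]:
        print("WARNING: audit logging is disabled for this cluster")
```

To run it against a real cluster, replace the sample string with the saved output of `aws eks describe-cluster --name <cluster name>`.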