Configuring Amazon AWS WAF to communicate with QRadar
Before you can add a log source in IBM QRadar, you must configure Amazon AWS WAF to send logs to an Amazon Kinesis Data Firehouse Delivery Stream that uses an Amazon AWS S3 bucket.
Before you begin
You must have an Amazon Kinesis Data Firehose Delivery Stream configured. For more information, see the Amazon documentation about Creating an Amazon Kinesis Data Firehose Delivery Stream (https://docs.aws.amazon.com/firehose/latest/dev/basic-create.html).The delivery stream must be linked to the Amazon AWS S3 Bucket.
About this task
Procedure
- Log in to your IAM console (https://console.aws.amazon.com/iam/).
- Click .
- From the WAF & Shield navigation menu, select Web ACLs.
- Click the Logging and metrics tab.
- To enable logging, click Enable logging.
- From the region list, select your region.
- From the Web ACLs list, select the Amazon Kinesis Data Firehose Delivery Stream that is linked to your Amazon AWS S3 bucket.
- Click Enable Logging.