Amazon AWS Security Hub

The IBM® Security QRadar® Log Insights DSM for Amazon AWS Security Hub collects events from the AWS CloudWatch log group of Amazon CloudWatch service.

To integrate Amazon AWS Security Hub with , complete the following steps:
  1. Create and configure an Amazon EventBridge rule to send events from AWS Security Hub to AWS CloudWatch log group. For more information, see Creating an EventBridge rule for sending events.
  2. Create an Identity and Access (IAM) user in the Amazon AWS user interface when using the Amazon Web Services connector. For more information, see Creating an Identity and Access (IAM) user in the AWS Management Console.
  3. Add an Amazon AWS Security Hub data source in QRadar Log Insights. For more information, see Amazon Web Services log source parameters for Amazon AWS Security Hub.

For information about adding a data source in QRadar Log Insights, see Adding ingestion data sources.

If you are an IBM QRadar user, see Terminology changes for QRadar customers.