Finding an S3 bucket name and directory prefix
An Amazon administrator must create a user and then apply the AmazonS3ReadOnlyAccess policy in the AWS Management Console. Users can then create a log source in the QRadar® product.
For more information about permissions that are related to bucket operations, go to the AWS documentation website (https://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-buckets).
- Click Services.
- From the list, select CloudTrail.
- From the Trails page, click the name of the trail.
- Note the name of the S3 bucket that is displayed in the S3 bucket field.
- Click the Edit icon.
- Note the location path for the S3 bucket that is displayed underneath the Log file prefix field.