You need to create and configure an Amazon EventBridge rule to send alerts from AWS Security Hub to an AWS CloudWatch log group.
Procedure
- Go to Amazon EventBridge (https://console.aws.amazon.com/events/home?region=us-east-1#/).
- In the Create a new rule pane, click Create rule.
- In the Name and description pane, type a name for your rule in the Name field and if you want, type a description for your rule in the Description field.
- In the Define pattern pane, select Event pattern, and then select Pre-defined pattern by service to build an event pattern.
- From the Service provider list, select AWS.
- From the Service name list, select GuardDuty.
- From the Event type list, select All Events.
- In the Select event bus pane, select AWS default event bus.
- In the Select targets pane, from the Target list, select CloudWatch log group.
- In the Log Group: section, specify a new log group or select an existing log group from the list.
Important: You need the name of the log group when you configure a data source in the QRadar® product.
- Click Create.
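
The rule built in the steps above, expressed as the EventBridge PutRule and PutTargets request parameters, with a small local matcher to check which events the pattern forwards to the log group. This is an added example, not part of the original procedure or IBM's code; the event pattern is assumed to be what the GuardDuty / All Events selection generates, and the rule name, target Id, log group ARN, and sample events are constructed.

```python
import json

# Assumption: pattern generated by Service provider "AWS",
# Service name "GuardDuty", Event type "All Events".
EVENT_PATTERN = {"source": ["aws.guardduty"]}

def build_rule_requests(rule_name, log_group_arn, description=""):
    """Return keyword arguments for the PutRule and PutTargets API calls."""
    put_rule = {
        "Name": rule_name,
        "Description": description,
        "EventPattern": json.dumps(EVENT_PATTERN),
        "EventBusName": "default",   # AWS default event bus
        "State": "ENABLED",
    }
    put_targets = {
        "Rule": rule_name,
        "EventBusName": "default",
        # "Id" is a hypothetical label; "Arn" is the CloudWatch log group.
        "Targets": [{"Id": "qradar-log-group", "Arn": log_group_arn}],
    }
    return put_rule, put_targets

def matches(pattern, event):
    """Subset of EventBridge matching: exact-value lists and nested objects."""
    for key, want in pattern.items():
        if key not in event:
            return False
        have = event[key]
        if isinstance(want, dict):
            if not isinstance(have, dict) or not matches(want, have):
                return False
        else:
            values = have if isinstance(have, list) else [have]
            if not any(v in want for v in values):
                return False
    return True

# Constructed sample events, trimmed to the fields the pattern inspects.
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding"},
    {"source": "aws.securityhub", "detail-type": "Security Hub Findings - Imported"},
]

def forwarded(events, pattern=EVENT_PATTERN):
    """Return the detail-type of every event the rule would send to its target."""
    return [e["detail-type"] for e in events if matches(pattern, e)]

if __name__ == "__main__":
    arn = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/events/qradar"  # constructed
    print(build_rule_requests("qradar-alerts", arn), forwarded(SAMPLE_EVENTS))
```

When the rule is created through the API rather than the console, the log group also needs a CloudWatch Logs resource policy that allows EventBridge to write to it.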