Configuring and testing AWS CloudTrail log source with SQS queue in QRadar

Question & Answer

Question

The IBM Security QRadar DSM for Amazon Web Services (AWS) CloudTrail supports audit events that are collected from Amazon S3 buckets by using the Amazon AWS S3 REST API protocol and a Simple Queue Service (SQS) queue. This method is very useful when collecting CloudTrail logs from multiple accounts or regions in an Amazon S3 bucket and reduced the chance of missing files by using ObjectCreate notifications. It is an alternative to the prefix method to collect data because it does not require that the file names in the folders be in a string sorted in ascending order based on the full path. In this course, you learn which services you need properly configured in your AWS environment to make this method work. Following this, you learn how to add an Amazon AWS CloudTrail log source, and at the end, you see how a successfully configured log source receives events from AWS.

Duration: 19 Minutes
Follow the link in related information to view the course on the IBM Security Learning Academy

Answer

The Security Learning Academy is a full service learning platform, providing various training objects and instruction options.

Related Information

Click here to view this course on the IBM Security Learning Academy

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version","Edition":" ","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Configuring and testing AWS CloudTrail log source with SQS queue in QRadar

Question & Answer

Question

Answer

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?