Visibility and Intelligence for the Cloud

Visibility and Intelligence for the Cloud Courses:

Configuration and benefits of an AWS log source in QRadar

Amazon Web Services (AWS) CloudTrail is a service that enables operational and risk auditing of your AWS account. It collects audit events from Amazon S3 buckets and a log group in AWS CloudWatch Logs. CloudTrail allows you to continuously monitor your AWS account activity, including actions taken through the Management Console, AWS SDKs, command line, and other services.

QRadar connects through Amazon Web Services' API to retrieve the CloudTrail events, providing event parsing that not only allows for monitoring of your AWS account activity, but also for newly created rules to alert on possible AWS Security violations. AWS-related saved searches are used for reporting, which allows for analyzing trends on policy and user/group changes, and more.

In this video, you learn how to configure QRadar to retrieve logs from an AWS cloud environment source. Two use cases demonstrate how useful this integration can be to your cloud security posture.

Securing the Cloud with QRadar

In this training module, you learn IBM QRadar's three-tiered approach to securing the cloud. You also learn cloud adoption trends and use cases for securing the cloud.

Configuring and testing AWS CloudTrail log source with SQS queue in QRadar

The IBM Security QRadar DSM for Amazon Web Services (AWS) CloudTrail supports audit events that are collected from Amazon S3 buckets by using the Amazon AWS S3 REST API protocol and a Simple Queue Service (SQS) queue. This method is very useful when collecting CloudTrail logs from multiple accounts or regions in an Amazon S3 bucket, and it reduces the chance of missing files by using ObjectCreate notifications. It is an alternative to the prefix method of collecting data because it does not require that the file names in the folders be in a string sorted in ascending order based on the full path. In this course, you learn which services you need properly configured in your AWS environment to make this method work. Following this, you learn how to add an Amazon AWS CloudTrail log source, and at the end, you see how a successfully configured log source receives events from AWS.