Visibility and Intelligence for the Cloud
Visibility and Intelligence for the Cloud Courses:
Amazon Web Services (AWS) CloudTrail is a service that enables operational and risk auditing of your AWS account. CloudTrail delivers its audit events to an Amazon S3 bucket and, optionally, to a log group in Amazon CloudWatch Logs; QRadar collects the events from there. CloudTrail lets you continuously monitor activity in your AWS account, including actions taken through the Management Console, the AWS SDKs, the command line tools, and other AWS services.
QRadar connects through the Amazon Web Services API to retrieve the CloudTrail events and parses them, which allows you not only to monitor your AWS account activity but also to write new rules that alert on possible AWS security violations. AWS-related saved searches are used for reporting, which allows you to analyze trends in policy and user/group changes, and
In this video, you learn how to configure QRadar to retrieve logs from an AWS cloud environment source. Two use cases demonstrate how useful this integration can be to your cloud security posture.
In this training module, you learn IBM QRadar's three-tiered approach to securing the cloud. You also learn about cloud adoption trends and use cases for securing the cloud.
The IBM Security QRadar DSM for Amazon Web Services (AWS) CloudTrail supports audit events that are collected from Amazon S3 buckets by using the Amazon AWS S3 REST API protocol together with an Amazon Simple Queue Service (SQS) queue. This method is useful when CloudTrail logs from multiple accounts or regions are delivered to one Amazon S3 bucket, and it reduces the chance of missing files because S3 ObjectCreated event notifications announce every new log file. It is an alternative to the prefix method of collecting data, because it does not require that the file names in the folders arrive in ascending string-sorted order based on their full path; the prefix method only picks up files that sort after the last file it processed. In this course, you learn which services you need to configure properly in your AWS environment to make this method work. You then learn how to add an Amazon AWS CloudTrail log source, and at the end, you see how a successfully configured log source receives events from AWS.
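The following example is added here to illustrate two points in the course descriptions above: why the SQS ObjectCreated method avoids the missed-file problem of prefix-based collection, and what a simple "alert on possible AWS security violations" rule looks like once a CloudTrail file has been parsed. It is not code from IBM, from the course, or from QRadar; it simulates both collection styles in plain Python against constructed S3 object keys, constructed SQS notification bodies, a hypothetical bucket named ct-logs, and the AWS documentation placeholder account 111122223333, so it runs offline with no AWS access.

```python
"""Added example (not part of the IBM course page or QRadar): simulate the two
ways of picking up CloudTrail files from S3 that the course description
contrasts, and parse a CloudTrail log file the way a collector would.
All data is constructed; nothing talks to AWS."""
import gzip
import json
from urllib.parse import quote_plus, unquote_plus

# Constructed CloudTrail object keys in the order they became visible in the
# bucket. The third key sorts *before* the second (earlier delivery timestamp),
# which happens when one file lands late or another region's file lands after
# a newer one. The account number is the AWS documentation placeholder.
ARRIVAL_ORDER = [
    "AWSLogs/111122223333/CloudTrail/us-east-1/2023/05/01/"
    "111122223333_CloudTrail_us-east-1_20230501T1000Z_aaa.json.gz",
    "AWSLogs/111122223333/CloudTrail/us-east-1/2023/05/01/"
    "111122223333_CloudTrail_us-east-1_20230501T1010Z_bbb.json.gz",
    "AWSLogs/111122223333/CloudTrail/us-east-1/2023/05/01/"
    "111122223333_CloudTrail_us-east-1_20230501T1005Z_ccc.json.gz",  # late
]


def prefix_poll(arrival_order):
    """Prefix (directory) method: each poll lists the prefix and keeps only keys
    that sort after the last key already processed. Returns (collected, missed)."""
    marker = ""
    collected = []
    for key in arrival_order:  # one poll per newly visible object
        if key > marker:
            collected.append(key)
            marker = key
    missed = [k for k in arrival_order if k not in collected]
    return collected, missed


def s3_notification(bucket, key):
    """Construct the body S3 puts on the SQS queue for an s3:ObjectCreated:*
    event, trimmed to the fields a collector needs. Keys arrive URL-encoded."""
    return json.dumps({"Records": [{
        "eventSource": "aws:s3",
        "eventName": "ObjectCreated:Put",
        "s3": {"bucket": {"name": bucket},
               "object": {"key": quote_plus(key, safe="/")}},
    }]})


def collect_from_sqs(message_bodies):
    """SQS method: every ObjectCreated notification yields a (bucket, key) to
    fetch, whatever order the keys sort in. Non-object messages, such as the
    s3:TestEvent sent when notifications are configured, carry no Records."""
    to_fetch = []
    for body in message_bodies:
        for rec in json.loads(body).get("Records", []):
            if not rec.get("eventName", "").startswith("ObjectCreated"):
                continue
            s3 = rec["s3"]
            to_fetch.append((s3["bucket"]["name"],
                             unquote_plus(s3["object"]["key"])))
    return to_fetch


# CloudTrail delivers gzip-compressed JSON files with a top-level "Records" list.
HIGH_RISK_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail",
                    "PutEventSelectors"}  # calls that tamper with the trail itself


def make_cloudtrail_file(records):
    """Construct a CloudTrail log file body as S3 would hold it."""
    return gzip.compress(json.dumps({"Records": records}).encode())


def parse_cloudtrail_file(blob):
    return json.loads(gzip.decompress(blob))["Records"]


def flag_high_risk(records):
    """Minimal rule in the spirit of 'alert on possible AWS security violations':
    (eventName, actor ARN, source IP) for every trail-tampering call."""
    return [(r["eventName"], r["userIdentity"].get("arn"), r.get("sourceIPAddress"))
            for r in records if r["eventName"] in HIGH_RISK_EVENTS]


if __name__ == "__main__":
    got, missed = prefix_poll(ARRIVAL_ORDER)
    print("prefix method missed:", missed)  # the late ccc file
    msgs = [s3_notification("ct-logs", k) for k in ARRIVAL_ORDER]
    msgs.insert(0, json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent"}))
    print("sqs method fetches:", len(collect_from_sqs(msgs)), "files")
    sample = make_cloudtrail_file([{  # constructed CloudTrail record
        "eventVersion": "1.08", "eventTime": "2023-05-01T10:04:12Z",
        "eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
        "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/alice"},
    }])
    print("alerts:", flag_high_risk(parse_cloudtrail_file(sample)))
```

Running the script shows the late-arriving ccc file in the prefix method's missed list while the SQS consumer fetches all three, and the StopLogging record is flagged with its actor and source address. When wiring this up for real, the collector must also delete each SQS message after the object has been fetched and parsed; otherwise the same file is re-queued after the visibility timeout and shows up as duplicate events.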