The QRadar team has been releasing some awesome new features and functions related to hybrid cloud detection. See below for a quick summary of our AWS integrations. I'll be following up this article with several other deeper dives into these topics!
Parsers (DSMs):
- AWS CloudTrail
- AWS Network Firewall
- AWS Security Hub
- AWS VPC Flow Logs
- AWS GuardDuty
- AWS Web Application Firewall
- AWS Application Load Balancer
- AWS Elastic Kubernetes Service
AWS Protocols (mechanisms for pulling data into QRadar):
- AWS S3 Protocol
  - This protocol allows users to pull data directly from S3 buckets into QRadar
- Amazon Web Services Protocol
  - This protocol allows users to pull AWS data directly from CloudWatch Logs, Simple Queue Service (SQS) and Kinesis Data Streams into QRadar
See below for a graphical summary:
These integrations are available wherever QRadar is hosted: QRoC (QRadar SaaS), QRadar on-prem, or QRadar deployed in AWS, Azure or GCP.
Since we're on the topic of QRadar and AWS, I'd like to share that IBM Security has achieved AWS Security Technology Partner status! A great article by my friend and teammate George Mina has all of the details.
If you are leveraging any of these integrations, I'd also recommend checking out our Cloud Visibility App on the App Exchange. This app includes:
- Simplified log source management
- Identity and access management for accounts, users, and IAM roles
- Auto-population of QRadar Network Hierarchy
- Amazon VPC flow log visualization
- Integration with AWS Security Hub and Amazon Detective
Is your team taking advantage of these integrations? Let me know!!
Thanks,
Wendy