
IBM Security QRadar and AWS Config Logs

By Parjanya Pandey posted Fri February 02, 2024 10:16 AM


The longstanding partnership between IBM Security and Amazon has been instrumental in fostering collaboration and integration. We are excited to announce the integration of QRadar with AWS Config Logs, which extends the boundaries of our offering. 

IBM Security QRadar already integrates with AWS CloudTrail, enabling users to retrieve audit events from an S3 bucket. The recent addition of the AWS Config Logs DSM extends this capability by allowing users to fetch configuration changes and modifications from an S3 bucket, thereby strengthening our monitoring capabilities. 

AWS Config

AWS Config is a service provided by Amazon that lets a user assess, audit and evaluate the configurations of their AWS resources. It makes monitoring easier by providing an inventory of all the resources currently in use and by tracking any changes to their configurations. Some of the features of AWS Config are as follows:  

  • Resource Inventory 

    • Provides an inventory of all the resources available in the user’s account, for easier tracking and management 

  • Security and Compliance  

    • Makes it easier to manage security issues and maintain compliance standards by giving a quick view of current configurations and comparing them with previous ones. 

  • Continuous Monitoring and Configuration History 

    • Continuously monitors and records configuration changes, maintaining visibility of the environment and making it possible to see the state of a resource at different points in time. 

  • Resource Relationships 

    • Enables a user to easily track how different resources are related and connected to one another, and what impact one has on the other 

According to Amazon, monitoring is an important part of maintaining the reliability, availability, and performance of AWS Config and your AWS solutions.  It helps us to spot issues before they impact the business and allows us to improve security posture and reduce the risk profile of our environment while at the same time ensuring smooth operations and even helping to predict the performance trends of the resources. 

Overview of the configuration of the AWS Config Logs DSM. Here we specify the log source type, the protocol type and other information

Configuring the protocol information. Mentioning the Authentication Method, Access Keys and Collection Method as well as the Collection URL

Testing the Successful Addition of Log Source on QRadar

List of the events triggered and analyzed from the AWS Config logs

With the new DSM update to integrate AWS Config, QRadar now supports parsing of AWS Config logs from S3 buckets to receive alerts on changes or modifications to recorded configurations. When combined with QRadar's powerful threat detection and correlation capabilities, users can expect more effective and robust control of their AWS resources.  
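To show what "changes or modifications to recorded configurations" means in practice, here is an added example (not code from the original post or from the QRadar DSM) that unpacks a gzip-compressed AWS Config history delivery as it would be fetched from S3, orders each resource's configuration items by capture time, and reports every field that changed between consecutive snapshots. The delivery layout (a JSON document with `fileVersion` and a `configurationItems` list) and all resource values are assumptions constructed for the example.

```python
import gzip
import json
from collections import defaultdict

# Constructed sample of an AWS Config history delivery. The layout (JSON with
# "configurationItems", gzip-compressed in S3) is assumed; all values are made up.
SAMPLE_DELIVERY = {"fileVersion": "1.0", "configurationItems": [
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example1",
     "configurationItemStatus": "OK",
     "configurationItemCaptureTime": "2024-01-30T10:05:00.000Z",
     "configuration": {"groupName": "web", "ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": [{"cidrIp": "0.0.0.0/0"}]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-example1",
     "configurationItemStatus": "ResourceDiscovered",
     "configurationItemCaptureTime": "2024-01-30T10:00:00.000Z",
     "configuration": {"groupName": "web", "ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": [{"cidrIp": "10.0.0.0/8"}]}]}}]}

def pack_delivery(delivery):
    """Serialise and gzip a delivery the way it would be stored in the bucket."""
    return gzip.compress(json.dumps(delivery).encode())

def load_items(raw):
    """Decompress one fetched S3 object and return its configuration items."""
    return json.loads(gzip.decompress(raw))["configurationItems"]

def diff_config(before, after, path=""):
    """Recursively collect (path, old, new) for every leaf value that differs."""
    if isinstance(before, dict) and isinstance(after, dict):
        keys = sorted(set(before) | set(after))
        return [d for k in keys for d in diff_config(before.get(k), after.get(k), f"{path}.{k}")]
    if isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        return [d for i, (b, a) in enumerate(zip(before, after)) for d in diff_config(b, a, f"{path}[{i}]")]
    return [] if before == after else [(path, before, after)]

def configuration_changes(items):
    """Order each resource's snapshots by capture time and diff consecutive pairs."""
    by_resource = defaultdict(list)
    for item in items:
        by_resource[(item["resourceType"], item["resourceId"])].append(item)
    changes = []
    for (rtype, rid), snaps in by_resource.items():
        snaps.sort(key=lambda s: s["configurationItemCaptureTime"])
        for prev, curr in zip(snaps, snaps[1:]):
            for path, old, new in diff_config(prev["configuration"], curr["configuration"]):
                changes.append({"resource": f"{rtype}/{rid}", "at": curr["configurationItemCaptureTime"],
                                "field": path, "old": old, "new": new})
    return changes
```

Running `configuration_changes(load_items(pack_delivery(SAMPLE_DELIVERY)))` yields one change: the security group's ingress CIDR widening from 10.0.0.0/8 to 0.0.0.0/0, which is the kind of modification a QRadar rule on AWS Config events would flag.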

To download and use the update, one can directly access the link here – AWS Config Logs DSM. Administrators can review the DSM Configuration Guide to set up AWS Config log sources with an SQS queue or by pointing the log source to a directory prefix. 

The engineering team at IBM Security has been working diligently to deliver this functionality, and we hope it makes a difference in your SOC environment. Please let us know if your team is planning to use this new integration, and share your feedback.