According to Amazon, monitoring is an important part of maintaining the reliability, availability, and performance of AWS Config and your AWS solutions. It helps us to spot issues before they impact the business and allows us to improve security posture and reduce the risk profile of our environment while at the same time ensuring smooth operations and even helping to predict the performance trends of the resources.
Overview of the configuration of the AWS Config Log DSM. Here, we specify the log source type, the protocol type, and other information.
Configuring the protocol information: the Authentication Method, Access Keys, and Collection Method, as well as the Collection URL.
Testing the Successful Addition of Log Source on QRadar
List of the triggered events analyzed from the AWS Config logs
With the new DSM update to integrate AWS Config, QRadar now supports parsing of AWS Config logs from S3 buckets to receive alerts on changes or modifications to recorded configurations. When combined with QRadar's powerful threat detection and correlation capabilities, users can expect more effective and robust control of their AWS resources.
To download and use the update, follow this link: AWS Config Logs DSM. Administrators can review the DSM Configuration Guide to set up AWS Config log sources with an SQS queue or by pointing the log source to a directory prefix.
The engineering team at IBM Security has been working diligently to deliver this functionality, so we hope it makes a difference in your SOC environment. Please let us know if your team is planning to use this new integration, and share your feedback.