IBM Security QRadar


#BeyondtheDSMGuide: New! QRadar and AWS Route 53 Integration and Customized VPC Flow Log Support!

By Wendy Willner posted Mon August 30, 2021 04:45 PM

  

Hi QRadar Community!

 

I’d like to share some exciting details about the new deliveries from the QRadar Development Team! We’ve recently extended our integrations with Amazon Web Services!

We’ve just: (1) released a new integration with Amazon’s Route 53 Service; (2) extended our integration with AWS VPC Flow Logs; and (3) enhanced our integration with Amazon’s Elastic Kubernetes Service.



 

 

Amazon AWS Route 53 – New Functionality

We recently delivered a new integration between AWS Route 53 and QRadar. Route 53 is Amazon’s DNS Service. In March of 2021, Amazon released the Route 53 Resolver DNS Firewall, which allows customers to block queries from known malicious IPs and have more granular control over DNS querying for Amazon VPCs.

QRadar now has visibility into DNS activity in AWS environments by ingesting and analyzing Public DNS Query Logs and Resolver Query Logs from the AWS Route 53 service. Public DNS query logs include details about the public DNS queries received by Route 53, and the resolver query logs include details about queries that originate in Amazon Virtual Private Clouds (VPCs) and the associated responses.

This integration is facilitated by the QRadar Amazon Web Services protocol and the QRadar Amazon AWS S3 REST API protocol.

Docs: https://www.ibm.com/docs/en/dsm?topic=configuration-amazon-aws-route-53

Amazon VPC Flow Logs – Extended Functionality

We’ve recently added support for Amazon VPC Flow Logs versions 3-5, which includes support for custom flow logs. Analyzing VPC flow traffic in QRadar allows Amazon users to understand and visualize: (1) how network traffic is moving through their environments; (2) where data is going; (3) how much data is moving; and (4) if there are any anomalies within the traffic patterns.

As a reminder, AWS VPC traffic can be analyzed and visualized in our NEW Network Threat Analytics App, which leverages machine learning techniques to detect anomalies in network traffic.

Docs: https://www.ibm.com/docs/en/dsm?topic=options-amazon-vpc-flow-logs

 #BeyondTheDSMGuide Ingesting + Visualizing AWS VPC Flow Logs into QRadar: Here

Amazon Elastic Kubernetes Service (EKS) – Extended Functionality

We’ve added new ‘Custom Event Properties’ for Amazon Elastic Kubernetes Service (EKS) to our “IBM QRadar Content Extension for Amazon AWS”. EKS is Amazon’s hosted Kubernetes Service, and our current integration allows QRadar users to analyze activity within their Amazon Kubernetes clusters within QRadar. These new properties will improve our customers’ experience when analyzing their EKS data in QRadar.

Docs: https://exchange.xforce.ibmcloud.com/hub/extension/bf358419d91d425df1e2ee9e72d37c13


Many thanks to Mustapha Rachidi, Charlie Ma, Augustine Chife and the rest of the QRadar Development Team for their fantastic execution on these projects!


Please stay tuned for additional blogs and collateral about these developments.

Related reading:

  1. #BeyondtheDSMGuide: How Real time is Real Time? A deep dive into ingesting data from AWS into QRadar: Here
  2. Global Telecommunications Provider Spotlight: X-Force Threat Management and QRadar with AWS: Here

Thanks,

Wendy Willner
Product Manager, QRadar
