Hi QRadar Community!
I’d like to share some exciting details about the new deliveries from the QRadar Development Team! We’ve recently extended our integrations with Amazon Web Services!
We’ve just: (1) released a new integration with Amazon’s Route 53 Service; (2) extended our integration with AWS VPC Flow Logs; and (3) enhanced our integration with Amazon’s Elastic Kubernetes Service.
Amazon AWS Route 53 – New Functionality
We recently delivered a new integration between AWS Route 53 and QRadar. Route 53 is Amazon’s DNS Service. In March of 2021 Amazon released the Route 53 Resolver DNS Firewall, which allows customers to block queries from known malicious IPs and have more granular control over DNS querying in Amazon VPCs.
QRadar now has visibility into DNS activity in AWS environments by ingesting and analyzing Public DNS Query Logs and Resolver Query Logs from the AWS Route 53 service. Public DNS query logs include details about the public DNS queries received by Route 53, and the resolver query logs include details about queries that originate in Amazon Virtual Private Clouds (VPCs) and the associated responses.
This integration is facilitated by the QRadar Amazon Web Services protocol and the QRadar Amazon AWS S3 REST API protocol.
Docs: https://www.ibm.com/docs/en/dsm?topic=configuration-amazon-aws-route-53
Amazon VPC Flow Logs – Extended Functionality
We’ve recently added support for Amazon VPC Flow Logs versions 3-5, which includes support for custom flow logs. Analyzing VPC flow traffic in QRadar allows Amazon users to understand and visualize: (1) how network traffic is moving through their environments; (2) where data is going; (3) how much data is moving; and (4) whether there are any anomalies within the traffic patterns.
As a reminder, AWS VPC traffic can be analyzed and visualized in our NEW Network Threat Analytics App, which leverages machine learning techniques to detect anomalies in network traffic.
Docs: https://www.ibm.com/docs/en/dsm?topic=options-amazon-vpc-flow-logs
#BeyondTheDSMGuide: Ingesting + Visualizing AWS VPC Flow Logs into QRadar
Amazon Elastic Kubernetes Service (EKS) – Extended Functionality
We’ve added new ‘Custom Event Properties’ for Amazon Elastic Kubernetes Service (EKS) to our “IBM QRadar Content Extension for Amazon AWS”. EKS is Amazon’s hosted Kubernetes Service, and our current integration allows QRadar users to analyze activity in their Amazon Kubernetes clusters within QRadar. These new properties will improve our customers’ experience when analyzing their EKS data in QRadar.
Many thanks to Mustapha Rachidi, Charlie Ma, Augustine Chife and the rest of the QRadar Development Team for their fantastic execution on these projects!
Please stay tuned for additional blogs and collateral about these developments.
Related reading:
- #BeyondtheDSMGuide: How Real time is Real Time? A deep dive into ingesting data from AWS into QRadar
- Global Telecommunications Provider Spotlight: X-Force Threat Management and QRadar with AWS
Thanks,
Wendy Willner
Product Manager, QRadar