Logging it all: Integrating Security Monitoring with IBM QRadar and AWS Cloud
Our client asked us to develop a cloud strategy for reworking their existing “security log collectors”. Multiple collectors were spread across the client’s data centers, and the client wanted to consolidate how the log files they held were stored and sent to QRadar.
Under the new design, each collector node sends its logs securely to an Amazon Web Services (“AWS”) S3 bucket, where they are processed and filtered. The filtered events are then forwarded to the client’s IBM QRadar security information and event management (“SIEM”) system for analysis. The logs landing in S3 are also compressed and archived on a scheduled basis for later retrieval.
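The S3 hand-off stage of that pipeline, written out as an added example (this is illustrative code, not the client’s or IBM’s own implementation). It filters raw syslog lines before they are forwarded, gzips the survivors into a date-partitioned archive object, records a SHA-256 digest so the archive can be verified when it is retrieved later, and builds the bucket policy that refuses non-TLS access and unencrypted uploads, which is how “securely communicate” is usually enforced on the S3 side. The bucket name, key prefix, filter rule and sample log lines are all assumptions constructed for the example.

```python
"""Added example of the collector -> S3 -> SIEM hand-off; not code from the page.
Bucket name, prefix, filter rule and SAMPLE_LINES are constructed assumptions."""
import gzip
import hashlib
import json
import re
from datetime import datetime, timezone

BUCKET = "example-siem-landing"   # assumed bucket name
PREFIX = "qradar/archive"         # assumed key prefix for archived objects

# Constructed sample of what a collector might forward: one syslog line per event.
SAMPLE_LINES = [
    "<38>Jan 10 09:15:01 fw01 sshd[1201]: Accepted publickey for ops from 10.1.2.3 port 51122",
    "<38>Jan 10 09:15:02 fw01 sshd[1204]: Failed password for root from 203.0.113.9 port 40022",
    "<30>Jan 10 09:15:03 fw01 systemd[1]: Started Daily apt download activities.",
    "<38>Jan 10 09:15:04 fw01 sshd[1207]: Failed password for root from 203.0.113.9 port 40023",
]
SAMPLE_TIME = datetime(2024, 1, 10, 9, 20, 0, tzinfo=timezone.utc)  # constructed batch time

# Assumed filter rule: keep authentication events, drop routine service chatter so
# SIEM events-per-second capacity is not spent on noise.
KEEP = re.compile(r"sshd\[\d+\]: (Accepted|Failed)")


def filter_events(lines):
    """Return only the lines worth forwarding to QRadar."""
    return [ln for ln in lines if KEEP.search(ln)]


def build_archive(lines, collector, when):
    """Compress the filtered events into one object and name it.

    Returns (key, gzipped_bytes, sha256_hex). The key is partitioned by collector
    and UTC date so a scheduled retrieval job can address one day at a time.
    """
    kept = filter_events(lines)
    payload = ("\n".join(kept) + "\n").encode("utf-8")
    blob = gzip.compress(payload, mtime=0)  # fixed mtime keeps the output reproducible
    digest = hashlib.sha256(blob).hexdigest()
    key = (f"{PREFIX}/collector={collector}/dt={when:%Y-%m-%d}/"
           f"{when:%H%M%S}-{digest[:12]}.log.gz")
    return key, blob, digest


def read_archive(blob):
    """Decompress an archive object back into its event lines."""
    return gzip.decompress(blob).decode("utf-8").splitlines()


def verify_archive(blob, expected_digest):
    """Integrity check applied on retrieval before the archive is trusted."""
    return hashlib.sha256(blob).hexdigest() == expected_digest


def bucket_policy(bucket):
    """Bucket policy denying plaintext (non-TLS) access and unencrypted uploads."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
        ],
    }


if __name__ == "__main__":
    key, blob, digest = build_archive(SAMPLE_LINES, "fw01", SAMPLE_TIME)
    print(key, len(blob), digest)
    print(json.dumps(bucket_policy(BUCKET), indent=2))
```

The digest travels with the object name (and would normally also be stored as object metadata or in a manifest) so that the scheduled retrieval job can call `verify_archive` before handing anything back to an analyst; the two policy statements are what make the collectors’ “secure” upload a property of the bucket rather than of each collector’s configuration.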