Amazon AWS Elastic Kubernetes Service

The IBM QRadar DSM for Amazon AWS Elastic Kubernetes Service collects JSON formatted events from the log group of the Amazon CloudWatch logs service.

To integrate Amazon Elastic Kubernetes Service (Amazon EKS) with QRadar, complete the following steps:
  1. If automatic updates are not enabled, download the most recent versions of the RPMs from the IBM® support website (http://www.ibm.com/support).
    • Kubernetes Auditing DSM
    • Amazon Web Services Protocol RPM
    • DSM Common RPM
    • Amazon AWS Kubernetes DSM RPM
  2. Configure Amazon Elastic Kubernetes Service (Amazon EKS) to send events to QRadar. For more information, see Configuring Amazon Elastic Kubernetes Service to communicate with QRadar
  3. If QRadar does not automatically detect the log source, add an Amazon AWS Elastic Kubernetes Service log source on the QRadar Console.