AWS S3 Bucket
Multicloud Defense supports forwarding Security Events and Traffic Logs to an AWS S3 Bucket for processing, storage, access and correlation. The information is sent in a semi-structured JSON format whose attribute-value pairs can be accessed and processed.
Requirements
In order to forward Events/Logs to the AWS S3 Bucket, the following is required:
- Create a new or use an existing AWS S3 Bucket.
- Apply the following policy to the AWS S3 Bucket to permit the Multicloud Defense Controller to access and write to the bucket:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "<controller-role-arn>"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<s3bucketname>/*",
        "arn:aws:s3:::<s3bucketname>"
      ]
    }
  ]
}
```
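Because the policy grants `s3:*`, its `Principal` and `Resource` fields are the only things that limit its reach. The following added example (not Multicloud Defense code) fills in the template and checks that a bucket policy names only the controller role and only the one bucket; the role ARN, bucket name and function names are constructed for illustration.

```python
import json
import re

# Constructed sample values (assumptions); substitute your own role ARN and bucket.
SAMPLE_ROLE_ARN = "arn:aws:iam::111122223333:role/example-controller-role"
SAMPLE_BUCKET = "example-mcd-logs"
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")


def render_policy(role_arn, bucket):
    """Fill the page's policy template, rejecting placeholders and malformed input."""
    if not ROLE_ARN_RE.match(role_arn):
        raise ValueError(f"not an IAM role ARN: {role_arn!r}")
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"not a valid bucket name: {bucket!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": "s3:*",  # as given on the page
            "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"],
        }],
    }


def audit_policy(policy, role_arn, bucket):
    """List Allow statements that reach past the one role or the one bucket."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        principals = aws if isinstance(aws, list) else [aws]
        if any(p != role_arn for p in principals):
            findings.append(f"statement {i}: principal other than the controller role")
        resources = stmt.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        if any(r not in allowed for r in resources):
            findings.append(f"statement {i}: resource outside bucket {bucket}")
    return findings


if __name__ == "__main__":
    print(json.dumps(render_policy(SAMPLE_ROLE_ARN, SAMPLE_BUCKET), indent=2))
```

Run `audit_policy` against the policy document actually attached to the bucket to confirm nothing broader was applied alongside the controller statement.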
Profile Parameters
| Parameter | Requirement | Default | Description |
|---|---|---|---|
| Profile Name | Required | | A unique name to use to reference the Profile. |
| Description | Optional | | A description for the Profile. |
| Destination | Required | AWS S3 | AWS S3 Bucket. |
| CSP Account | Required | | The CSP Account where the AWS S3 Bucket resides. |
| S3 Bucket | Required | | The AWS S3 Bucket name where Events/Logs will be forwarded. |