If you're having trouble at any stage, please contact us at firstname.lastname@example.org.
AWS is a cloud services platform that provides Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). AWS lets organizations consume compute power and the services they need without buying or managing hardware.
At the same time, these public cloud services present the organization with new security challenges.
The main challenges and needs are to:
- Get and retain a full audit trail of activities in the AWS account
- Retrieve the AWS account activities, such as IAM user actions, EC2 changes and data flows, events from PaaS services and many more
- Make the granular activities available in the organization's central log or event management system for compliance, investigation or forensic needs
- Detect security threats and policy violations
What is it
SkyFormation Cloud Connector for AWS is part of the SkyFormation Cloud Connectors module. It continuously ingests audit events from multiple audit sources in the AWS account, unifies the events into a common application event format, enriches them with the detection context they need and sends them to any existing SIEM/SOC system.
How it works
SkyFormation Cloud Connector for AWS retrieves the events from the AWS services through their APIs. Before sending the events to the existing SIEM/SOC system, the connector will:
- Unify the events into the SkyFormation unified application event format
- Embed the origin event into the SkyFormation event
- Complement the event with missing information
- Enrich the event with detection context, such as AD identity information
- Encode the resulting event into a standard format, such as CEF
- Send the event to the existing SIEM/SOC system over syslog
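The pipeline above, as an added example that is not SkyFormation's code: a constructed CloudTrail ConsoleLogin record is unified, carries its origin event verbatim, is enriched from a hypothetical AD identity table, and is encoded as CEF and framed for syslog. The unified field names, the CEF vendor/product strings and the severity mapping are assumptions made for the example.

```python
import json
from datetime import datetime, timezone
# Constructed sample CloudTrail console sign-in record (not real data).
SAMPLE_RECORD = {
    "eventTime": "2017-06-01T12:34:56Z",
    "eventName": "ConsoleLogin",
    "sourceIPAddress": "203.0.113.10",
    "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "123456789012"},
    "responseElements": {"ConsoleLogin": "Failure"},
    "additionalEventData": {"MFAUsed": "No"},
}

def cef_escape(value, header=False):
    # CEF rules: header fields escape '\' and '|'; extension values escape '\', '=' and newlines.
    s = str(value).replace("\\", "\\\\")
    if header:
        return s.replace("|", "\\|")
    return s.replace("=", "\\=").replace("\r", "\\r").replace("\n", "\\n")

def unify(record, identity_lookup=None):
    # Map the record to a unified event, embed the origin event, enrich with directory identity.
    outcome = record.get("responseElements", {}).get("ConsoleLogin", "Unknown")
    user = record.get("userIdentity", {}).get("userName", "unknown")
    event = {
        "event_type": "console_login_success" if outcome == "Success" else "console_login_failed",
        "severity": 3 if outcome == "Success" else 6,  # failed sign-ins rank higher for triage
        "user": user,
        "src_ip": record.get("sourceIPAddress"),
        "mfa_used": record.get("additionalEventData", {}).get("MFAUsed"),
        "time": record.get("eventTime"),
        "origin": record,  # the source event is carried verbatim
    }
    if identity_lookup:  # hypothetical AD identity table keyed by IAM user name
        event["ad_identity"] = identity_lookup.get(user)
    return event

def to_cef(event, vendor="ExampleVendor", product="AWSConnector", version="1.0"):
    # CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|Extension (vendor/product are assumed).
    header = "|".join(cef_escape(h, header=True) for h in (
        "CEF:0", vendor, product, version, event["event_type"],
        event["event_type"].replace("_", " "), event["severity"]))
    ext = {"suser": event["user"], "src": event["src_ip"], "rt": event["time"],
           "cs1Label": "mfaUsed", "cs1": event["mfa_used"],
           "cs2Label": "adIdentity" if event.get("ad_identity") else None, "cs2": event.get("ad_identity"),
           "rawEvent": json.dumps(event["origin"], separators=(",", ":"))}
    return header + "|" + " ".join(f"{k}={cef_escape(v)}" for k, v in ext.items() if v is not None)

def syslog_line(cef, hostname="aws-connector", pri=134):
    # RFC 3164-style framing for the syslog transport; PRI 134 = local0.info.
    return f"<{pri}>{datetime.now(timezone.utc):%b %d %H:%M:%S} {hostname} {cef}"
```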
AWS Audit Sources & Events Supported
| Audit Source (API) | Service/Module Covered | Event Types |
|---|---|---|
| CloudTrail | Console Sign-in | console login success/failed |
| CloudTrail | Additional Software & Services: AWS Marketplace | |
| CloudTrail | Analytics: Amazon Athena, Amazon CloudSearch, Amazon EMR, AWS Data Pipeline, Amazon Kinesis Firehose, Amazon Kinesis Streams, Amazon QuickSight | |
| CloudTrail | Application Services: Amazon API Gateway, Amazon Elastic Transcoder, Amazon Elasticsearch Service, Amazon Simple Workflow Service, AWS Step Functions | |
| CloudTrail | Artificial Intelligence: Amazon Machine Learning, Amazon Polly | |
| CloudTrail | Business Productivity: Amazon WorkDocs | |
| CloudTrail | Compute: Amazon Elastic Compute Cloud (EC2), Application Auto Scaling, Auto Scaling, Amazon EC2 Container Registry, Amazon EC2 Container Service, AWS Elastic Beanstalk, Elastic Load Balancing, AWS Lambda | |
| CloudTrail | Database: Amazon DynamoDB, Amazon ElastiCache, Amazon Redshift, Amazon Relational Database Service | |
| CloudTrail | Desktop & App Streaming: Amazon WorkSpaces | |
| CloudTrail | Developer Tools: AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, AWS CodeStar | |
| CloudTrail | Game Development: Amazon GameLift | |
| CloudTrail | Internet of Things (IoT): AWS IoT | |
| CloudTrail | Management Tools: AWS Application Discovery Service, AWS CloudFormation, AWS CloudTrail, Amazon CloudWatch Calls, AWS Config, AWS Managed Services, AWS OpsWorks, AWS OpsWorks for Chef Automate, AWS Organizations, AWS Service Catalog | |
| CloudTrail | Messaging: Amazon Simple Email Service, Amazon Simple Notification Service, Amazon Simple Queue Service | |
| CloudTrail | Migration: AWS Database Migration Service, AWS Server Migration Service | |
| CloudTrail | Mobile Services: Amazon Cognito, AWS Device Farm | |
| CloudTrail | Networking & Content Delivery: Amazon CloudFront, AWS Direct Connect, Amazon Route 53, Amazon Virtual Private Cloud | |
| CloudTrail | Security, Identity & Compliance: AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS Security Token Service (STS), AWS Certificate Manager, Amazon Cloud Directory, AWS CloudHSM, AWS Directory Service, Amazon Inspector, AWS WAF | |
| CloudTrail | Storage: Amazon Simple Storage Service (S3), Amazon Elastic Block Store (EBS), Amazon Elastic File System (EFS), Amazon Glacier, AWS Storage Gateway | |
| CloudTrail | Support: AWS Personal Health Dashboard, AWS Support | |
| CloudWatch Logs | System, application, and custom log files | |
| CloudWatch | Monitor log files, set alarms, and automatically react to changes in your AWS resources | |
| GuardDuty | Intelligent threat detection and continuous monitoring of your AWS account and workloads | |
| | Data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake | |
| | Distributed Denial of Service (DDoS) protection service | |
| Inspector | Automated security assessment service that helps improve the security and compliance of applications deployed on AWS | Security Alerts |
How to on-board AWS Connector to SkyFormation