|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Log Collector
RSA Version/Condition: 10.5,10.6.0
|Issue||When Cloud Trial integration followed for GovCloud, the test connection fails with below error in GUI:|
CloudTrailCollector authentication error connecting to S3, check user credentials/permissions! S3ResponseError: 403 Forbidden
|Cause||This issue is due to SA Log Collector works only with AWS Public Clouds. It does not work with AWS GovCloud or Private Cloud as of now. |
|Resolution||Hotfix to be included in 10.6.2 version release.|
|Workaround||Please use below steps as workaround for successful integration:|
- Stop LC service using stop nwlogcollector command.
- Take back up of /etc/netwitness/ng/logcollection/content/collection/cmdscript/cloudtrail/sa_cloudtrail_collector.py by copying file to different location.
- Replace this script with the sa_cloudtrail_collector.py file attached to this article.
- Start LC service using start nwlogcollector.
- Go to CloudTail event source on SA UI and click on 'Test Connection' button to check whether it returns successful or not.