Step 1. Configure AWS (CloudTrail) Event Sources in Security Analytics

Document created by RSA Information Design and Development on Jul 23, 2016. Last modified by RSA Information Design and Development on Sep 14, 2016.
Version 4

This topic tells you how to configure AWS (CloudTrail) event sources for the Log Collector.

After completing this procedure, you will have...

  • Configured an AWS (CloudTrail) event source.
  • Modified an AWS (CloudTrail) event source.
  • Pulled a Certificate for an AWS (CloudTrail) event source.

Procedures

Configure an AWS (CloudTrail) Event Source

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the expand button under Actions and select View > Config.
  4. In the Event Sources tab, select Plugins/Config from the drop-down menu.
  5. In the Event Categories panel toolbar, click the Add icon.
    The Available Event Source Types dialog is displayed.
  6. Select an event source type (for example, cloudtrail) and click OK.
    The newly added event source type is displayed in the Event Categories panel.
  7. Select the new type in the Event Categories panel and click the Add icon in the Sources toolbar.
    The Add Source dialog is displayed.
  8. Define parameter values (see References - AWS (CloudTrail) Collection Configuration Parameters for definitions of each parameter).
  9. Click Test Connection.
    The result of the test is displayed in the dialog box. If the test is unsuccessful, edit the device or service information and retry.
    Log Collector takes approximately 60 seconds to return the test results. If it exceeds the time limit, the test times out and Security Analytics displays an error message.
  10. If the test is successful, click OK.
    The new event source is displayed in the Sources panel.

Modify an AWS (CloudTrail) Event Source

To modify an event source:

  1. In the Security Analytics menu, select Administration > Services.
  2. In the Services grid, select a Log Collector service.
  3. Click the expand button under Actions and select View > Config.
  4. In the Event Sources tab, select Plugins/Config from the drop-down menu.
    The Event Categories panel is displayed with the event sources that are configured, if any.
  5. Select an event source type in the Event Categories panel.
    The event sources for this type are displayed in the Sources panel.
  6. Select a source and click the Edit icon in the toolbar.
    The Edit Source dialog is displayed.
  7. Modify the parameters that require changes.
  8. Click Test Connection.
    The result of the test is displayed in the dialog box. If the test is unsuccessful, edit the device and service information and retry.
    Log Collector takes approximately 60 seconds to return the test results. If it exceeds the time limit, the test times out and Security Analytics displays an error message.
  9. If the test is successful, click OK.
    Security Analytics applies the parameter changes to the selected event source.