Connect to amazon server with querious
12/21/2023

Each side's process produces information used by the other side. This sharing creates secure communication. See the instructions below.

We have made available, in our GitHub repository, a script that automates the AWS side of this process. See the instructions for automatic setup later in this document.

This graphic and the following text show how the parts of this connector solution interact.

- AWS services are configured to send their logs to S3 (Simple Storage Service) storage buckets.
- The S3 bucket sends notification messages to the SQS (Simple Queue Service) message queue whenever it receives new logs.
- The Microsoft Sentinel AWS S3 connector polls the SQS queue at regular, frequent intervals. If there is a message in the queue, it will contain the path to the log files.
- The connector reads the message with the path, then fetches the files from the S3 bucket.
- To connect to the SQS queue and the S3 bucket, Microsoft Sentinel uses AWS credentials and connection information embedded in the AWS S3 connector's configuration. The AWS credentials are configured with a role and a permissions policy giving them access to those resources. Similarly, the Microsoft Sentinel workspace ID is embedded in the AWS configuration, so there is in effect two-way authentication.

You must have write permission on your Microsoft Sentinel workspace.

To simplify the onboarding process, Microsoft Sentinel has provided a PowerShell script to automate the setup of the AWS side of the connector - the required AWS resources, credentials, and permissions.

- Creates an IAM assumed role with the minimal necessary permissions, to grant Microsoft Sentinel access to your logs in a given S3 bucket and SQS queue.
- Enables specified AWS services to send logs to that S3 bucket, and notification messages to that SQS queue.
- If necessary, creates that S3 bucket and that SQS queue for this purpose.
- Configures any necessary IAM permissions policies and applies them to the IAM role created above.

You must have PowerShell and the AWS CLI on your machine.

- Installation instructions for PowerShell.
- Installation instructions for the AWS CLI.

To run the script to set up the connector, use the following steps:

1. From the Microsoft Sentinel navigation menu, select Data connectors.
2. Select Amazon Web Services S3 from the data connectors gallery, and in the details pane, select Open connector page.
3. Set up your AWS environment, expand Setup with PowerShell script (recommended).
4. Follow the on-screen instructions to download and extract the AWS S3 Setup Script (link downloads a zip file containing the main setup script and helper scripts) from the connector page.
5. Before running the script, run the aws configure command from your PowerShell command line, and enter the relevant information as prompted. See AWS Command Line Interface | Configuration basics for details.
6. Copy the command from the connector page (under "Run script to set up the environment") and paste it in your command line.
7. The script will prompt you to enter your Workspace ID. Copy it and paste it at the prompt of the script.
8. When the script finishes running, copy the Role ARN and the SQS URL from the script's output (see example in first screenshot below) and paste them in their respective fields in the connector page under 2. Add connection (see second screenshot below).
9. Select a data type from the Destination table drop-down list.
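
The post says each SQS message carries the path to new log files, which the connector then fetches from S3. As an added example (not Microsoft's connector code), this parses a message body in the standard S3 event notification format and returns only the paths a consumer should fetch: new-object events in the configured bucket. The function name, bucket names, account ID and keys are constructed for illustration.

```python
import json
from urllib.parse import unquote_plus

# Constructed SQS message body in the S3 event notification format.
# Bucket names, account ID and keys are placeholders, not values from the page.
SAMPLE_BODY = json.dumps({"Records": [
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "example-log-bucket"},
            "object": {"key": "AWSLogs/111122223333/CloudTrail/part+1.json.gz"}}},
    {"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
     "s3": {"bucket": {"name": "some-other-bucket"},
            "object": {"key": "unexpected.json.gz"}}},
    {"eventSource": "aws:s3", "eventName": "ObjectRemoved:Delete",
     "s3": {"bucket": {"name": "example-log-bucket"},
            "object": {"key": "old.json.gz"}}},
]})
# S3 sends a test event when notifications are first configured; it has no Records.
TEST_EVENT_BODY = json.dumps({"Service": "Amazon S3", "Event": "s3:TestEvent",
                              "Bucket": "example-log-bucket"})


def log_paths_from_message(body, expected_bucket):
    """Split one SQS message body into paths to fetch and records to skip."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return [], [("<unparseable>", "body is not JSON")]
    records = doc.get("Records", []) if isinstance(doc, dict) else []
    accepted, rejected = [], []
    for rec in records:
        s3 = rec.get("s3", {})
        bucket = s3.get("bucket", {}).get("name", "")
        # Object keys arrive URL-encoded, with '+' standing for a space.
        key = unquote_plus(s3.get("object", {}).get("key", ""))
        path = f"s3://{bucket}/{key}"
        if rec.get("eventSource") != "aws:s3":
            rejected.append((path, "not an S3 event"))
        elif not rec.get("eventName", "").startswith("ObjectCreated:"):
            rejected.append((path, "not a new-object event"))
        elif bucket != expected_bucket or not key:
            rejected.append((path, "not an object in the configured bucket"))
        else:
            accepted.append(path)
    return accepted, rejected


if __name__ == "__main__":
    fetch, skip = log_paths_from_message(SAMPLE_BODY, "example-log-bucket")
    print("fetch:", fetch)
    print("skip:", skip)
```

Rejected records are worth logging: a notification naming a bucket other than the configured one points to a misconfigured or tampered queue.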