AWS S3 Bucket

Multicloud Defense supports forwarding Security Events and Traffic Logs to an AWS S3 Bucket for processing, storage, access and correlation. The information is sent in a semi-structured JSON format where the attribute-value pairs can be accessed and processed.

Requirements

In order to forward Events/Logs to the AWS S3 Bucket, the following is required:

  1. Create a new AWS S3 Bucket or use an existing one.

  2. Apply the following policy to the AWS S3 Bucket to permit the Multicloud Defense Controller to access and write to the bucket:

    
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "<controller-role-arn>"
          },
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::<s3bucketname>/*",
            "arn:aws:s3:::<s3bucketname>"
          ]
        }
      ]
    }
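
An added example, not part of the Multicloud Defense documentation: a small Python review of a bucket policy shaped like the one above, run before the policy is applied. It confirms that the only principal is the controller role and that the resources stay within the one bucket, and it reports wildcard actions such as `s3:*` for review. The role ARN, bucket name and function names are constructed for illustration, and the page does not state which individual S3 actions the controller needs.

```python
import json

# Constructed sample values; substitute your own role ARN and bucket name.
ROLE = "arn:aws:iam::111122223333:role/example-controller-role"
BUCKET = "example-forwarding-bucket"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_bucket_policy(policy, bucket, role_arn):
    """Return (statement index, finding, value) tuples for Allow statements."""
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Principal is either the string "*" or a mapping such as {"AWS": ...}.
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in principals:
            if p == "*":
                findings.append((i, "wildcard-principal", p))
            elif p != role_arn:
                findings.append((i, "unexpected-principal", p))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, "wildcard-action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource not in in_scope:
                findings.append((i, "resource-outside-bucket", resource))
    return findings

# The policy from this page with the placeholders filled by the sample values.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "%s"},
    "Action": "s3:*",
    "Resource": ["arn:aws:s3:::%s/*", "arn:aws:s3:::%s"]
  }]
}""" % (ROLE, BUCKET, BUCKET))

if __name__ == "__main__":
    for finding in review_bucket_policy(PAGE_POLICY, BUCKET, ROLE):
        print(finding)
```

The check does not evaluate `Condition` blocks or `Deny` statements; it only confirms the scope of what is allowed.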

Profile Parameters

| Parameter | Requirement | Default | Description |
| --- | --- | --- | --- |
| Profile Name | Required | | A unique name to use to reference the Profile. |
| Description | Optional | | A description for the Profile. |
| Destination | Required | AWS S3 | AWS S3 Bucket. |
| CSP Account | Required | | The CSP Account where the AWS S3 Bucket resides. |
| S3 Bucket | Required | | The AWS S3 Bucket name where Events/Logs will be forwarded. |