How to get AWS CloudWatch alerts using the new Sentinel AWS connector.
Hi there,
I'd like to collect AWS CloudWatch logs to Sentinel.
(I'm not much of an AWS user but I can get around.)
Here's what I'd like to do:
#1 - enable AWS CloudTrail and dump Management logs to an S3 bucket - done
#2 - configure an SQS queue so Sentinel can pull events from AWS - done
#3 - configure CloudWatch alerts to monitor specific events as recommended here:
https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html
#4 - configure CloudWatch to send alerts to the SQS queue so Sentinel can get them.
I think I've done #1 to #3 but I don't know how to do #4.
(The Sentinel connector side is done - that was the easy part.)
Has anyone configured AWS CloudWatch to send alerts to Sentinel?
Your help is greatly appreciated.
Thanks.