Microsoft Tech Community

How to get AWS CloudWatch alerts using the new Sentinel AWS connector.

Hi there,

I'd like to collect AWS CloudWatch logs to Sentinel.

(I'm not much of an AWS user but I can get around.)

Here's what I'd like to do:

#1 - enable AWS CloudTrail and dump Management logs to an S3 bucket - done

#2 - configure an SQS queue so Sentinel can pull events from AWS - done

#3 - configure CloudWatch alerts to monitor specific events as recommended here:

https://docs.aws.amazon.com/securityhub/latest/userguide/cloudwatch-controls.html

#4 - configure CloudWatch to send alerts to the SQS queue so Sentinel can get them.

I think I've done #1 to #3 but I don't know how to do #4.

(The Sentinel connector side is done - that was the easy part.)

Has anyone configured AWS CloudWatch to send alerts to Sentinel?


Your help is greatly appreciated.

Thanks.

4 Replies
I doubt anyone has done this already. Furthermore, the "Automatic setup" procedure is not working. It's really weird though that this connector is still in PREVIEW!

Thanks @Clive_Watson
Yes, I've read that procedure several times but there's nothing in there about setting up the AWS site for CloudWatch.
In fact, if you follow that procedure it's very easy to accidentally log EVERYTHING from AWS CloudTrail and cost you thousands of dollars per month.

Yes @PanagiotisChavariotis, I also mentioned that to Microsoft but with no reply.
I don't mind the manual method; however, it should be written to work with the CloudWatch best practices alerts and there's nothing in the Microsoft docs for that.