| Vendor | AWS CloudTrail |
|---|---|
| Collection Method | API |
| Query Syntax: event.provider | GenericS3 |
| Billable Sources Calculation | 1 Source Per Integration. |

To create the integration between Huntress and AWS CloudTrail, follow these steps:
1. From the Source Management -> Categories page, select "View Details" on the AWS S3 tile.
2. Select the green "+Add" button in the top right.
3. Enter a name for the integration and then a description if desired.
4. Select Save.
5. Copy your unique Webhook URL and save it for use in later steps.
6. Download the CloudFormation template file by right-clicking the link and selecting "Save Link As...".
7. Select the link "navigate to the CloudFormation Stacks create page" to open a new tab in the AWS console. Sign in as an account owner.
8. Upload the template file downloaded in step 6.
9. Enter a Stack name and S3BucketName.
10. Select Next.
11. Select Next on the Configure Stack Options page; no changes are necessary here.
12. Select Submit on the Review and Complete page.
13. After the stack is created, go to the Outputs tab and apply the BucketPolicyStatements to your S3 bucket. If the bucket is KMS encrypted, apply the KmsKeyPolicyStatement to the KMS key.
14. Within 10-20 minutes, logs should begin showing in the Huntress SIEM.
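
Writing a bucket policy replaces the whole document, so the BucketPolicyStatements have to be merged into whatever policy the bucket already carries rather than pasted over it. The following is an added example, not Huntress or AWS code: it assumes the Outputs value is a JSON statement object or a list of them, and the bucket name, account ID, role and Sids are constructed placeholders.

```python
import json

def merge_policy_statements(existing_policy, new_statements):
    """Merge statements from the stack Outputs tab into an existing policy.

    existing_policy: policy JSON string, or None if the bucket has no policy.
    new_statements: JSON string; assumed to be one statement object or a list.
    """
    policy = (json.loads(existing_policy) if existing_policy
              else {"Version": "2012-10-17", "Statement": []})
    current = policy.get("Statement", [])
    if isinstance(current, dict):  # a policy may hold a single statement object
        current = [current]
    added = json.loads(new_statements)
    if isinstance(added, dict):
        added = [added]
    new_sids = {s["Sid"] for s in added if "Sid" in s}
    # Drop old copies with the same Sid so a re-run does not duplicate them;
    # every other existing statement is preserved.
    kept = [s for s in current if s.get("Sid") not in new_sids]
    policy["Statement"] = kept + [s for s in added if s not in kept]
    return policy

def apply_to_bucket(bucket, new_statements):
    """Read the live bucket policy, merge, and write it back (needs boto3)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    try:
        existing = s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchBucketPolicy":
            raise
        existing = None
    merged = merge_policy_statements(existing, new_statements)
    s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(merged))
    return merged

# Constructed sample data: placeholder account ID, role and bucket names.
EXISTING = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*", "Resource": "arn:aws:s3:::example-trail-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
FROM_OUTPUTS = json.dumps([
    {"Sid": "ExampleReaderAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/EXAMPLE-READER"},
     "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-trail-bucket/*"}])

if __name__ == "__main__":
    print(json.dumps(merge_policy_statements(EXISTING, FROM_OUTPUTS), indent=2))
```

Review the merged document before calling `apply_to_bucket`; the same merge function works on a KMS key policy for the KmsKeyPolicyStatement.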