Before configuring AWS Security Logging for Blumira, we recommend reviewing Blumira’s Getting Started Guide for AWS.
To enable broad Blumira coverage for AWS, follow these configuration steps:
The following guidance will help avoid dependency conflicts in an AWS environment that has not been configured for monitoring. If your environment has already been configured for monitoring and you wish to avoid duplicate roles, groups, or resources, feel free to use those instead, so long as your environment meets the above reference architecture to correctly permission and route log flows into an AWS Kinesis Data Stream.
Next, let’s configure the IAM policy that will allow Blumira to ingest your log data from the Kinesis data stream.
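One way to check that the policy you attach stays scoped to reading the one log stream is sketched below. It is an added example, not Blumira's published policy or tooling; the action list, the `audit_policy` helper, and the account ID and stream name in the ARN are assumptions or constructed placeholders.

```python
import json

# Assumption: the read-side Kinesis Data Streams actions a stream consumer needs.
# Confirm the exact list against Blumira's own instructions.
READ_ACTIONS = {
    "kinesis:DescribeStream",
    "kinesis:DescribeStreamSummary",
    "kinesis:GetRecords",
    "kinesis:GetShardIterator",
    "kinesis:ListShards",
}
_READ_LOWER = {a.lower() for a in READ_ACTIONS}  # IAM action names are case-insensitive

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_json, stream_arn):
    """Return findings for Allow statements broader than read access to one stream."""
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants by exclusion")
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action.lower() not in _READ_LOWER:
                findings.append(f"statement {i}: action beyond stream read: {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if resource != stream_arn:
                findings.append(f"statement {i}: resource not the log stream: {resource}")
    return findings

# Constructed sample input: placeholder account ID and stream name.
STREAM_ARN = "arn:aws:kinesis:us-east-1:111122223333:stream/example-log-stream"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": sorted(READ_ACTIONS), "Resource": STREAM_ARN}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["kinesis:*", "kinesis:PutRecord"], "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(doc, STREAM_ARN) or "ok")
```

Run it against the JSON of the policy before attaching it to the IAM user or role whose API credentials you hand to Blumira; an empty result means every Allow statement is limited to the listed read actions on that single stream.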
After you have your AWS API information, you must configure Blumira to collect AWS logs. You can do this through a Cloud Connector or, if you want to use an existing sensor, through an AWS Module.
You can use the sections below to guide you through either process.
Cloud Connectors automate the configuration of your AWS integration without requiring you to use a sensor. After you obtain the AWS API parameters, you can then enable Blumira to collect AWS logs.
Adding and Configuring the AWS Kinesis Module on the Blumira Sensor
To collect AWS logs on an existing or new sensor in the sensor UI, you must add the AWS Module (note that the typical “Logger” module must also be present on this sensor for logs to flow; it will be listed at the bottom of your sensor detail page, if present [1]).
To add the AWS Kinesis Module:
Now that you’ve configured your AWS Kinesis data stream and IAM with Blumira, continue to the next step: Configure AWS CloudTrail