Overview
Blumira connects to AWS using Kinesis Data Stream to log security events. Blumira then intelligently analyzes those logs to automatically detect suspected threats, notify you of those threats, and provide you with an actionable response.
Note: The AWS integration includes data from up to 1 hour prior to the integration.
Before you begin
Before configuring AWS Security Logging for Blumira, we recommend reviewing Getting started with AWS security monitoring.
To add the AWS Cloud Connector in Blumira, you must gather these values from AWS Kinesis:
- Stream Name (not the full ARN, only the stream name)
- Access Key ID
- Secret Access Key
- AWS Logging Region
Configuring AWS Kinesis Data Stream
To configure the Kinesis Data Stream:
- From the AWS Console, verify that you are operating in the region in which you want to configure AWS logging.
- From the Kinesis service, select Kinesis Data Streams, then click Create data stream.
- In the Data stream name box, type a name for the stream.
Tip: We recommend using the format "company name-region."
- Under Data stream capacity, select Provisioned for capacity mode, and set the number of provisioned shards (we recommend that you start with one).
- Click Create data stream.
- Under Stream details, copy and save the stream's Amazon resource name (ARN) for use in later steps.
Configuring the AWS Identity and Access Management policy
After you configure the Kinesis data stream, you must configure the Identity and Access Management (IAM) policy to allow Blumira to ingest your log data from the stream. You will need the ARN value gathered in the previous step.
To configure the IAM policy for Blumira:
- From the IAM service, click Users in the access management navigation, then click Create Users.
- In the Specify user details window, type the user name you want to use for Blumira access, then click Next.
- In the Set permissions window, under Permissions options, select Attach policies directly.
- Under Permissions policies, click Create policy.
- In the Create policy window, which opens in a new tab, complete the following steps:
- Click JSON to open the policy editor.
- Replace the policy with the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "kinesis:SubscribeToShard",
        "kinesis:DescribeStreamSummary",
        "kinesis:DescribeStreamConsumer",
        "kinesis:GetShardIterator",
        "kinesis:GetRecords",
        "kinesis:DescribeStream",
        "kinesis:ListStreamConsumers",
        "kinesis:ListTagsForStream"
      ],
      "Resource": "{KINESISARN}"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "kinesis:ListStreams",
        "kinesis:ListShards",
        "kinesis:DescribeLimits"
      ],
      "Resource": "*"
    }
  ]
}
- In Line 17, replace {KINESISARN} with the ARN you copied in previous steps.
- Click Next.
- Type a name for your policy, then click Create policy.
- Close the policy tab.
- Click Refresh.
- Search for the policy you created, click the check box to the left of it, and then click Next.
- Click Create user.
- Click your newly created user, then click the Security Credentials tab below the summary section.
- Scroll down to the Access keys section and click Create access key.
- Select Application running outside AWS.
- Click Next.
- (Optional) Type a description tag, such as “Blumira Kinesis Access Key”.
- Save the secret access key and access key ID to be used in the AWS Cloud Connector in Blumira.
- Click Done.
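A pre-flight check for the policy and connector values above, as an added example that is not Blumira's or AWS's own code: it flags an unreplaced {KINESISARN} placeholder, non-read actions, and actions granted on "*" beyond the three the page's policy lists, and it derives the Stream Name and region from the ARN. The function names, `SAMPLE_ARN`, and its account ID and stream name are constructed for illustration.

```python
import json
import re

# Kinesis stream ARN: arn:<partition>:kinesis:<region>:<account>:stream/<name>
ARN_RE = re.compile(r"^arn:aws[a-z-]*:kinesis:([a-z0-9-]+):\d{12}:stream/([A-Za-z0-9_.-]{1,128})$")
# Actions the page's policy grants on "*"; any other action on "*" is flagged.
WILDCARD_OK = {"kinesis:ListStreams", "kinesis:ListShards", "kinesis:DescribeLimits"}
# Read-only prefixes; anything else (Put*, Delete*, kinesis:*) is flagged.
READ_ONLY = ("kinesis:Get", "kinesis:Describe", "kinesis:List", "kinesis:SubscribeToShard")
# Constructed sample ARN: the account ID and stream name are placeholders.
SAMPLE_ARN = "arn:aws:kinesis:us-east-1:123456789012:stream/examplecorp-us-east-1"

def connector_values(stream_arn):
    """Split a stream ARN into the Stream Name and region the connector asks for."""
    m = ARN_RE.match(stream_arn.strip())
    if not m:
        raise ValueError(f"not a Kinesis data stream ARN: {stream_arn!r}")
    return {"region": m.group(1), "stream_name": m.group(2)}

def as_list(value):  # IAM allows Action and Resource as a single string or a list
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, stream_arn):
    """Return findings; an empty list means the policy is scoped to this one stream."""
    connector_values(stream_arn)  # raises ValueError if the ARN is malformed
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = as_list(stmt.get("Action", []))
        for action in actions:
            if not action.startswith(READ_ONLY):
                findings.append(f"{sid}: {action} is not a read-only Kinesis action")
        for res in as_list(stmt.get("Resource", [])):
            if "{KINESISARN}" in res:
                findings.append(f"{sid}: placeholder {{KINESISARN}} was not replaced")
            elif res == "*":
                broad = sorted(set(actions) - WILDCARD_OK)
                if broad:
                    findings.append(f"{sid}: {', '.join(broad)} allowed on every stream")
            elif res != stream_arn:
                findings.append(f"{sid}: {res} is not the Blumira stream")
    return findings

if __name__ == "__main__":
    demo = json.dumps({"Statement": [{"Sid": "Demo", "Effect": "Allow",
                       "Action": "kinesis:PutRecord", "Resource": SAMPLE_ARN}]})
    print(connector_values(SAMPLE_ARN), audit_policy(demo, SAMPLE_ARN))
```

Run it against the JSON you pasted into the policy editor before creating the access key; the `stream_name` it returns is the value the connector expects in place of the full ARN.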
Integrating with AWS using a Cloud Connector
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector you want to add.
- In the Cloud Connector Name box, type a name to help identify the specific integration.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
Next Steps
After you integrate with AWS Kinesis Data Stream and IAM, go to the following sections to connect these other AWS products with your Kinesis data stream to send logs to Blumira: