Overview
Blumira connects to AWS using Kinesis Data Stream to log security events. Blumira then intelligently analyzes those logs to automatically detect suspected threats, notify you of those threats, and provide you with an actionable response.
Note: The AWS integration includes data from up to 1 hour prior to the integration.
Before you begin
Before configuring AWS Security Logging for Blumira, we recommend reviewing Getting started with AWS security monitoring.
To add the AWS Cloud Connector in Blumira, you must gather these values from AWS Kinesis:
- Stream Name (not the full ARN, only the stream name)
- Access Key ID
- Secret Access Key
- AWS Logging Region
Configuring AWS Kinesis Data Stream
To configure the Kinesis Data Stream:
- From the AWS Console, verify that you are working in the region in which you want to configure AWS logging.
- From the Kinesis service, select Kinesis Data Streams, then click Create data stream.
- In the Data stream name box, type a name for the stream.
Tip: We recommend using the format "company name-region."
- Under Data stream capacity, select Provisioned for capacity mode, and set the number of provisioned shards (we recommend that you start with one).
- Click Create data stream.
- Under Stream details, copy and save the stream's Amazon resource name (ARN) for use in later steps.
Configuring the AWS Identity and Access Management policy
After you configure the Kinesis data stream, you must configure the Identity and Access Management (IAM) policy to allow Blumira to ingest your log data from the stream. You will need the ARN value gathered in the previous step.
To configure the IAM policy for Blumira:
- From the IAM service, click Users in the access management navigation, then click Add Users.
- In the Specify user details window, type the user name you want to use for Blumira access then click Next.
- In the Set permissions window, under Permissions options, select Attach policies directly.
- Under Permissions policies, click Create policy.
- In the Create policy window, complete the following steps:
- Under Service, click Choose a service then select Kinesis.
- Under Actions, click the Access level check boxes next to List and Read.
- Under Resources, select Specific.
- To specify the stream resource, click Add ARN in the stream row.
- In the Add ARN(s) window, paste the stream's ARN value that you copied in the previous procedure.
- Click Add.
- Click Next: Tags.
- (Optional) Add a tag name; this is not a required field.
- Click Next: Review.
- Type a name for your policy, then click Create policy.
- Close the policy window that opened automatically, and then click Refresh.
- Search for the policy you created, click the checkbox to the left of it, and then click Next.
- Click Create user.
- Click your newly created user, then click the Security Credentials tab below the summary section.
- Scroll down to the Access keys section and click Create access key.
- Select Application running outside AWS.
- Click Next.
- (Optional) Type a description tag, such as “Blumira Kinesis Access Key”.
- Save the secret access key and access key ID to be used in the AWS Cloud Connector in Blumira.
- Click Done.
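A check you can run on the policy JSON before attaching it, added here as an example (not Blumira's or AWS's code): it splits the stream ARN into the stream name and region that the connector asks for, and flags any statement that grants more than List and Read on that one stream. The ARN, account ID and policies are constructed samples, and treating the Get/List/Describe action prefixes as read-only is an assumption.

```python
from fnmatch import fnmatchcase

# Constructed sample values: the account ID and stream name are placeholders.
STREAM_ARN = "arn:aws:kinesis:us-east-1:111122223333:stream/examplecorp-us-east-1"
# Assumption: action-name prefixes treated as List/Read access level.
READ_ONLY = ("kinesis:get", "kinesis:list", "kinesis:describe", "kinesis:subscribetoshard")
# Actions that return stream records; these must be scoped to the one stream.
DATA_READS = ("kinesis:getrecords", "kinesis:getsharditerator", "kinesis:subscribetoshard")

def parse_stream_arn(arn):
    """Return the region and bare stream name that the connector form asks for."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "kinesis":
        raise ValueError(f"not a Kinesis ARN: {arn!r}")
    kind, _, name = parts[5].partition("/")
    if kind != "stream" or not name:
        raise ValueError(f"not a stream resource: {arn!r}")
    return {"region": parts[3], "stream_name": name}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, stream_arn):
    """List grants beyond List/Read on the one stream (NotAction/NotResource not handled)."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in (a.lower() for a in as_list(stmt.get("Action", []))):
            if not action.startswith(READ_ONLY):
                findings.append(f"non-read action: {action}")
            # IAM action patterns may contain wildcards, so match them against each data read.
            reads_data = any(fnmatchcase(d, action) for d in DATA_READS)
            if reads_data and resources != [stream_arn]:
                findings.append(f"{action} not limited to {stream_arn}")
    return findings

# Constructed policies: one scoped as in the procedure above, one overly broad.
SCOPED = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": STREAM_ARN,
    "Action": ["kinesis:ListShards", "kinesis:DescribeStreamSummary",
               "kinesis:GetShardIterator", "kinesis:GetRecords"]}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "kinesis:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(parse_stream_arn(STREAM_ARN))
    for doc in (SCOPED, BROAD):
        print(audit_policy(doc, STREAM_ARN))
```

An empty list means the policy stays within List and Read on the single stream; the broad sample is reported for both the wildcard action and the unscoped record access.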
Integrating with AWS using a Cloud Connector
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure the Blumira Cloud Connector:
- In the Blumira app, navigate to Settings > Cloud Connectors.
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector that you want to add.
- If you want to change the name of the connector, type the new name in the Cloud Connector Name box.
- Enter the credentials that you collected in the previous steps.
- Click Connect.
- On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
Important: If you previously deployed a sensor module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.
Next Steps
After you integrate with AWS Kinesis Data Stream and IAM, go to the following sections to connect these other AWS products with your Kinesis data stream to send logs to Blumira: