Integrating with AWS VPC Flow Logs

Before you begin

Before configuring AWS VPC Flow Logs, we recommend reviewing Getting started with AWS security monitoring.

VPC Flow Logs Configuration

1. In the AWS console, navigate to VPC and then click VPCs.
   
   
   
   
2. Click the VPC you want to ingest logs from.
3. On the VPC details page, click Flow logs, then Create flow log.
   
   
   
   
4. In the Flow log settings window, complete the following:
   1. In the Name box, type a name for the Blumira logs.
   2. Under Filter, select 10 minutes.
   3. Under Destination, select Send to CloudWatch logs.
   4. Under Destination log group, select the VPC Flow log group you previously created.
   5. Under IAM role, select a role if one has previously been configured.
      
      
      
   6. If a service role for allowing VPC Flow Logs to put logs into a CloudWatch log group does not already exist, click Set up permissions under the IAM role field, as pictured in the previous image.
   7. Under Role Summary, configure the IAM Role to Create a new IAM Role, then type a role name that will help you identify it as being used for Blumira logging.
      
      

Repeat the above procedure for each VPC from which you wish to ingest logs using the same IAM role.

Now that you’ve configured AWS VPC Flow Logs for Blumira, continue to the next step in configuring AWS for Blumira: configure AWS GuardDuty.