Impelix IMPACT Integration with AWS CloudWatch

The Impelix IMPACT platform ingests telemetry from all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.

We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which will allow effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor product telemetry to the Impelix IMPACT platform.

AWS CloudWatch

To integrate CloudWatch with Impelix IMPACT, we need to create Access Keys:
https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html

The Access Keys need the following permissions:
  • AmazonEC2ReadOnlyAccess
  • CloudWatchLogsReadOnlyAccess
  • AWSCloudTrailReadOnlyAccess

Enter the Access Key and Secret Key in the Impelix IMPACT UI at Admin > Settings > Streamer Integrations > Amazon Web Services CloudWatch. Click Enable, then click the Save icon.
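A least-privilege check for the IAM user behind these keys, as an added example (not Impelix or AWS code): it compares the user's attached managed policies with the three listed above and flags old or surplus access keys. The 90-day age threshold, the single-active-key expectation, and the sample JSON are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Managed policies the page lists for the integration's access keys.
REQUIRED = {"AmazonEC2ReadOnlyAccess", "CloudWatchLogsReadOnlyAccess",
            "AWSCloudTrailReadOnlyAccess"}
MAX_KEY_AGE_DAYS = 90  # assumed rotation threshold, not from the page


def audit(policies_json, keys_json, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return sorted findings for the IAM user behind the integration keys.

    policies_json: output of `aws iam list-attached-user-policies`
    keys_json:     output of `aws iam list-access-keys`
    Only directly attached managed policies are checked here; inline and
    group-inherited policies need their own listing calls.
    """
    attached = {p["PolicyName"]
                for p in json.loads(policies_json)["AttachedPolicies"]}
    findings = [f"missing policy: {n}" for n in REQUIRED - attached]
    findings += [f"unexpected policy: {n}" for n in attached - REQUIRED]

    keys = json.loads(keys_json)["AccessKeyMetadata"]
    active = [k for k in keys if k["Status"] == "Active"]
    if len(active) > 1:  # assumption: the integration uses a single key
        findings.append(f"{len(active)} active access keys, expected 1")
    for k in active:
        age = (now - datetime.fromisoformat(k["CreateDate"])).days
        if age > max_age_days:
            findings.append(f"key {k['AccessKeyId']} is {age} days old")
    return sorted(findings)


# Constructed sample input in the shape of AWS CLI JSON output.
SAMPLE_POLICIES = json.dumps({"AttachedPolicies": [
    {"PolicyName": "AmazonEC2ReadOnlyAccess"},
    {"PolicyName": "CloudWatchLogsReadOnlyAccess"},
    {"PolicyName": "AdministratorAccess"},
]})
SAMPLE_KEYS = json.dumps({"AccessKeyMetadata": [
    {"AccessKeyId": "AKIAEXAMPLEKEY000001", "Status": "Active",
     "CreateDate": "2023-01-01T00:00:00+00:00"},
    {"AccessKeyId": "AKIAEXAMPLEKEY000002", "Status": "Inactive",
     "CreateDate": "2021-06-01T00:00:00+00:00"},
]})

if __name__ == "__main__":
    for line in audit(SAMPLE_POLICIES, SAMPLE_KEYS, datetime.now(timezone.utc)):
        print(line)
```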

As a quick overview, logging follows this workflow:

The AWS Network logs communications to CloudWatch in CloudTrail format. This is enabled by default.

CloudWatch agents on servers send logs to CloudWatch:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html

  • Note that if you enable new services (Apache, Mail, etc.), the CloudWatch configuration needs to be enabled for those services as well.

Impelix IMPACT will make an API call to CloudWatch using the integration above to ingest and analyze all of those records.

Use this guidance to ensure VPC Flow Logs are properly set up for CloudWatch.

Troubleshooting “Access Error” for VPC Flow Log.
