Blumira connects to AWS using Kinesis Data Stream to log security events. Blumira then intelligently analyzes those logs to automatically detect suspected threats, notify you of those threats, and provide you with an actionable response.
Before you begin
Before configuring AWS Security Logging for Blumira, we recommend reviewing Blumira’s Getting Started Guide for AWS.
To add the AWS Cloud Connector in Blumira, you must gather these values from AWS Kinesis:
- AWS Logging Region
- Access Key ID
- Secret Access Key
Configuring AWS Kinesis Data Stream
To configure the Kinesis Data Stream:
- From the AWS Console, verify that you are operating in the region in which you want to configure AWS logging.
- From the Kinesis service, select Kinesis Data Streams, and then click Create data stream.
- Type a name for the stream in the Data stream name box.
Tip: We recommend using the format "company name-region."
- Under Data stream capacity, select the number of open shards (we recommend that you start with one).
- Click Create data stream.
- Under Stream details, copy and save the stream's Amazon resource name (ARN) for use in the steps below.
Configuring the AWS Identity and Access Management policy
After you configure the Kinesis data stream, you must configure the Identity and Access Management (IAM) policy to allow Blumira to ingest your log data from the stream. You will need the ARN value gathered in the previous step.
To configure the IAM policy for Blumira:
- Under Set user details, type the name you want to use for Blumira access in the User name box.
- Under Select AWS access type, select the Programmatic access checkbox.
- Click Next: Permissions.
- Click Create policy.
- For Service, select Kinesis; for Access level, select List and Read; and then specify the ARN for the data stream.
- When prompted, type a name for the policy.
- Complete the AWS IAM role configuration with the default options.
- Save the secret access key and access key ID to be used in the AWS Cloud Connector in Blumira.
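A least-privilege check for the policy created in the steps above, as an added example (not Blumira's or AWS's code): it parses an IAM policy document and flags any Allow statement that grants more than list/read Kinesis actions or that is not scoped to the stream ARN. The action subset, the `audit_policy` helper, and the sample ARN are assumptions made for illustration.

```python
import json

# Assumption: a minimal subset of the Kinesis "List" and "Read" access levels.
READ_LIST_ACTIONS = {
    "kinesis:describestream", "kinesis:describestreamsummary",
    "kinesis:getrecords", "kinesis:getsharditerator",
    "kinesis:listshards", "kinesis:liststreams",
}
# ListStreams has no resource type in IAM, so it can only be granted on "*".
WILDCARD_OK = {"kinesis:liststreams"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, stream_arn):
    """Return a list of findings; an empty list means the policy is scoped."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource in an Allow")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action not in READ_LIST_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        # Actions other than ListStreams must name the stream ARN exactly.
        needs_scope = [a for a in actions if a not in WILDCARD_OK]
        for res in resources:
            if res != stream_arn and needs_scope:
                findings.append(f"statement {i}: resource {res} is not the stream ARN")
    return findings

# Constructed sample values (account ID and stream name are placeholders).
STREAM_ARN = "arn:aws:kinesis:us-east-1:111122223333:stream/example-us-east-1"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": STREAM_ARN,
     "Action": ["kinesis:DescribeStreamSummary", "kinesis:ListShards",
                "kinesis:GetShardIterator", "kinesis:GetRecords"]},
    {"Effect": "Allow", "Action": "kinesis:ListStreams", "Resource": "*"}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "kinesis:*", "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_policy(doc, STREAM_ARN) or "OK")
```

Run it against the JSON shown on the policy's Permissions tab before saving the access key; an empty result means the key can only list and read the one stream.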
Integrating with AWS using a Cloud Connector
Cloud Connectors automate the configuration of your integrations without requiring you to use a sensor. After you obtain your integration's configuration parameters, you can then enable Blumira to collect your logs.
To configure your integration with Blumira Cloud Connector:
- In the Blumira app, go to the Cloud Connectors page (Settings > Cloud Connectors).
- Click + Add Cloud Connector.
- In the Available Cloud Connectors window, click the connector that you want to add.
- If you want to change the name of the Cloud Connector, type the new name in the Cloud Connector Name box.
- Enter the API credentials that you collected in the "Before you begin" section above.
- Click Connect.
- On the Cloud Connectors screen, under Current Status, you can view the configuration’s progress. When the configuration completes, the status changes to Online (green dot).
Important: If you previously deployed a Module for this integration, then you must remove it via the Sensors page (Settings > Sensors) to avoid log duplication.
After you integrate with AWS Kinesis Data Stream and IAM, go to the following sections to continue integrating with AWS: