
AWS Config Events API Collection

AWS Config is a fully managed service that provides an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. The System Monitor Agent can import AWS Config events into LogRhythm for analysis. This document explains how to configure the collection of AWS Config events using the Web Console's cloud-to-cloud functionality. This feature is available only to LRCloud customers.

Prerequisites

Before configuring collection from AWS, do the following:

  • Make sure that the customer is an LRCloud customer and has their environment hosted.
  • Ensure that you have a valid AWS Access Key and Secret Access Key.

Initialize the Log Source

  1. Log in to the Web Console as a Restricted Administrator User.
  2. On the top navigation bar, click the Administration icon and select Cloud Log Collection.
  3. At the top of the Cloud Log Collection page, click New Log Source.
    The New cloud log collection dialog box appears.
  4. Select the AWS Config Events SYSMON AGENT tile.
    The Add AWS Config Events Log Source window appears.
  5. Enter the following details:

    | Setting | Default Value | Description |
    |---|---|---|
    | Name | Not applicable | Enter the name for this log source. |
    | Description (Optional) | Not applicable | Enter a description for this log source. |
    | Region | Not applicable | Enter the endpoint region code for the specific AWS CloudTrail S3 bucket (for example, us-east-1). For more information, see CloudTrail Regions and Endpoints. |
    | Access Key ID | Not applicable | Enter the AWS Access Key ID (for example, AKIAIOSFODNN7EXAMPLE). |
    | Secret Access Key | Not applicable | Enter the AWS Secret Access Key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). |
    | Resource Type | ALL | List the Resource types that the Open Collector should collect. To collect from all resource types, use the value ALL; otherwise specify each value separated by a comma (,) without spaces. Possible Values: AWS::CloudTrail::Trail, AWS::EC2::CustomerGateway, AWS::EC2::EIP, AWS::EC2::InternetGateway, AWS::EC2::NetworkAcl, AWS::EC2::NetworkInterface, AWS::EC2::RouteTable, AWS::EC2::SecurityGroup, AWS::EC2::Subnet, AWS::EC2::Volume, AWS::EC2::VPC, AWS::EC2::VPNConnection, or AWS::EC2::VPNGateway. Example: ALL or AWS::EC2::Subnet,AWS::EC2::Volume,AWS::EC2::RouteTable. |
  6. Click Save.

A new active log source is created and accepted in the Client Console with the provided information. Collection should start automatically in a few minutes.

The Platform Manager hosts all the log sources. It is recommended to create a new host entity and move the log source to the new host.

For security, the values entered are encrypted using LRCrypt.
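A pre-flight check for the Region, Access Key ID and Resource Type values from step 5, written as an added example (it is not LogRhythm code and does not call AWS or the Web Console). The function names, the region and key ID patterns, and the rule that ALL is not mixed with specific types are assumptions made for this sketch; the Secret Access Key is deliberately never passed in.

```python
import re

# Resource types listed on this page; the value ALL selects every type.
ALLOWED_TYPES = {
    "AWS::CloudTrail::Trail", "AWS::EC2::CustomerGateway", "AWS::EC2::EIP",
    "AWS::EC2::InternetGateway", "AWS::EC2::NetworkAcl",
    "AWS::EC2::NetworkInterface", "AWS::EC2::RouteTable",
    "AWS::EC2::SecurityGroup", "AWS::EC2::Subnet", "AWS::EC2::Volume",
    "AWS::EC2::VPC", "AWS::EC2::VPNConnection", "AWS::EC2::VPNGateway",
}
# Assumed shapes, not stated on the page: region codes such as us-east-1 and
# access key IDs made of 16-128 uppercase alphanumeric characters.
REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")
KEY_ID_RE = re.compile(r"^[A-Z0-9]{16,128}$")


def check_resource_type(value):
    """Return a list of problems found in a Resource Type field value."""
    if value == "ALL":
        return []
    problems = []
    if re.search(r"\s", value):
        problems.append("contains whitespace; separate values with ',' only")
    items = [item.strip() for item in value.split(",")]
    if "ALL" in items:  # the page gives ALL as an alternative to a list
        problems.append("ALL cannot be combined with specific types")
    for item in items:
        if item == "":
            problems.append("empty entry (stray comma)")
        elif item != "ALL" and item not in ALLOWED_TYPES:
            problems.append(f"unknown resource type: {item}")
    if len(set(items)) != len(items):
        problems.append("duplicate entries")
    return problems


def check_form(region, access_key_id, resource_type="ALL"):
    """Validate the non-secret form fields before they are saved."""
    problems = []
    if not REGION_RE.match(region):
        problems.append(f"region does not look like a region code: {region!r}")
    if not KEY_ID_RE.match(access_key_id):
        problems.append("access key ID is not 16-128 uppercase alphanumerics")
    elif access_key_id.startswith("ASIA"):
        # Temporary STS keys need a session token; the form has no such field.
        problems.append("temporary (ASIA) key: form has no session token field")
    problems += [f"resource type: {p}" for p in check_resource_type(resource_type)]
    return problems
```

An empty list from `check_form` means the values match the format the table describes; it does not prove the key is valid or that it has the permissions the collection needs.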

Default Config Values for AWS Config Events Log Source

| Setting | Default Value |
|---|---|
| MaxResultCount | 100 |
| StartupDelayInSeconds | 30 |