Amazon CloudFront

Version: ETS AWS LogForwarder v1.0.10 or later.

Amazon CloudFront Web Service is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers across the globe with low latency and high transfer speeds.

Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, Machine Analytics, and User behaviour monitoring. The dashboard, category, alerts, and reports in Netsurion Open XDR benefit in tracking critical activities, security warning activities, and others.

After configuring the Amazon CloudFront to forward logs to Netsurion Open XDR via syslog, then configure the alerts, dashboards, and reports to the Netsurion Open XDR.

For a pre-integrated AWS instance, update the version for ETS AWS LogForwarder to v1.0.10 or above.

The following are the key Data Source Integration available in Netsurion Open XDR.

Alerts

Type	Name	Description
Security	Amazon CloudFront – Configuration manipulation detected	This alert is triggered whenever the configuration for distributions is deleted or maliciously modified.

Reports

Type	Name	Description
Security	Amazon CloudFront – Activity overview	This report contains information related to all console activities concerning the CloudFront service.

Dashboard

Type	Name	Description
Security	Amazon CloudFront – Critical activities by action	This dashlet provides information on actions that can disrupt the CloudFront configuration.
Security	Amazon CloudFront – Configuration changes	This dashlet captures any modification detected in the CloudFront configuration.
Security	Amazon CloudFront – Origin access control modifications	This dashlet provides information on origin access creation and modification in CloudFront distributions.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and ETS AWS LogForwarder.

Download How-To Guide and Integration Guide for configuration instructions and more information.