Amazon EC2
Version: AWS Log Forwarder v1.0.10 and above.
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing the need to forecast traffic.
Netsurion Open XDR monitors events from Amazon EC2 by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. Dashboards and reports in Netsurion Open XDR let you monitor the actions performed on the Amazon EC2 service and keep you informed about its activities. Netsurion Open XDR triggers an alert whenever an action that is critical to the service is carried out.
For a new instance, integrate the AWS instance with Netsurion Open XDR using the Netsurion integrator Lambda function, which will, in turn, deliver logs to Netsurion Open XDR from AWS. For an already-integrated AWS instance, make sure to update to ETS_AWS_LogForwarder v1.0.10 or above.
The following are the key Data Source Integration components available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Amazon EC2 – Security group rules changed to unrestricted | This alert is triggered when a change is detected in the security group configuration. |
Security | Amazon EC2 – Snapshot deletion attempt | This alert is triggered when an attempt is made to delete a snapshot for a specified account and region. |
Security | Amazon EC2 – Sensitive VPC settings modification attempt | This alert is triggered when an attempt is made to change the VPC configuration. |
Security | Amazon EC2 – Instance termination attempt | This alert is triggered when an attempt is made to shut down the specified instances. |
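As an added example (not Netsurion's detection logic and not code from this page), the following Python shows how CloudTrail records for EC2 can be mapped to the four alerts in the table above. The record layout follows CloudTrail's `AuthorizeSecurityGroupIngress` format; the VPC event list, the function names and the sample records are assumptions constructed for the example, and only ingress rules are inspected.

```python
import ipaddress

# Assumption: EC2 API calls treated as "sensitive VPC settings" changes.
# The page does not list them; this set is illustrative only.
VPC_EVENTS = {"ModifyVpcAttribute", "DeleteVpc", "CreateVpcPeeringConnection"}
SIMPLE_ALERTS = {
    "DeleteSnapshot": "Snapshot deletion attempt",
    "TerminateInstances": "Instance termination attempt",
}

def open_cidrs(record):
    """Return the world-open CIDRs granted by an ingress-authorizing record."""
    perms = (record.get("requestParameters") or {}).get("ipPermissions") or {}
    found = []
    for perm in perms.get("items", []):
        for key, field in (("ipRanges", "cidrIp"), ("ipv6Ranges", "cidrIpv6")):
            for rng in (perm.get(key) or {}).get("items", []):
                cidr = rng.get(field)
                # A /0 prefix covers the whole address space (0.0.0.0/0, ::/0).
                if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    found.append(cidr)
    return found

def classify(record):
    """Map one CloudTrail record to an alert name from the table, or None."""
    if record.get("eventSource") != "ec2.amazonaws.com":
        return None
    name = record.get("eventName")
    if name == "AuthorizeSecurityGroupIngress" and open_cidrs(record):
        return "Security group rules changed to unrestricted"
    if name in VPC_EVENTS:
        return "Sensitive VPC settings modification attempt"
    # errorCode is not checked, so denied calls also count as attempts
    # (an assumption of this example).
    return SIMPLE_ALERTS.get(name)

# Constructed sample records (not real logs), trimmed to the fields used here.
SAMPLES = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "requestParameters": {"groupId": "sg-EXAMPLE", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "requestParameters": {"ipPermissions": {"items": [
         {"ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DeleteSnapshot",
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "ModifyVpcAttribute"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["eventName"], "->", classify(rec))
```

The second sample adds a rule scoped to a private range, so it produces no alert even though the security group changed.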
Reports
Type | Name | Description |
---|---|---|
Security | Amazon EC2 – Activity overview | This report contains information related to all the activities of the instance in Amazon EC2. |
Security | Amazon EC2 – VPC changes | This report contains information related to the modifications made in the VPC configuration in Amazon EC2. |
Security | Amazon EC2 – Security group modifications | This report contains information related to the changes made in the security group configuration in Amazon EC2. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and ETS-AWS-LogForwarder v1.0.10 and above.
Download the Integration Guide and the How-to Guide for configuration instructions and more information.