Amazon Kinesis

Version: AWS Log Forwarder v1.0.10 and above

Amazon Kinesis Data Analytics is a managed service used to process and analyze streaming data using Java, SQL, or Scala. The service lets you quickly author and run Java, SQL, or Scala code against streaming sources to perform time series analytics, feed real-time dashboards, and create real-time metrics.

Netsurion Open XDR monitors events from Amazon Kinesis by parsing the AWS CloudTrail logs for Kinesis. Dashboards and reports in Netsurion Open XDR let you monitor the actions performed against Kinesis so that you stay informed about its activity. Alerts are triggered whenever an action that is critical to the application is carried out, such as stopping its operation or deleting the application configuration or the application itself.

For a new instance, integrate the AWS instance with Netsurion Open XDR using the Netsurion integrator AWS Lambda function, which in turn delivers logs from Amazon Web Services to Netsurion Open XDR. For an already-integrated AWS instance, make sure to update AWS Log Forwarder to v1.0.10 or above.

The following key Data Source Integration items are available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | Amazon Kinesis – Application deleted | This alert is triggered when a Kinesis Analytics application is deleted. |
| Security | Amazon Kinesis – Stream retention period decreased | This alert is triggered when the retention period of data records is decreased for a Kinesis data stream. |
| Security | Amazon Kinesis – Data stream deleted | This alert is triggered when a data stream is deleted in Kinesis. |
| Security | Amazon Kinesis – Delivery stream deleted | This alert is triggered when a delivery stream is deleted in Kinesis. |
| Security | Amazon Kinesis – Data stream encryption disabled | This alert is triggered when the server-side encryption is disabled for a Kinesis stream. |
| Operations | Amazon Kinesis – Data preprocessor deleted | This alert is triggered when a data pre-processing function is removed from the configuration settings of a Kinesis analytics application. |
| Operations | Amazon Kinesis – SQL I/O configuration deletion | This alert is triggered when an output stream or a reference output data source is deleted. |
| Operations | Amazon Kinesis – Application stopped | This alert is triggered when a Kinesis Analytics application is stopped. |
| Operations | Amazon Kinesis – Stream enhanced metrics disabled | This alert is triggered when the enhanced monitoring for a Kinesis stream is disabled. |
| Operations | Amazon Kinesis – Stream shard count updated | This alert is triggered when the shard count for a particular Kinesis data stream is updated. |
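
The alerts above can be reproduced against raw CloudTrail records for testing or for validating coverage. The following is an added example, not Netsurion's rule logic: the mapping from CloudTrail `eventSource`/`eventName` pairs to alert names is an assumption based on the AWS API action names, and the sample records (account ID, ARN, resource names) are constructed.

```python
import json

KDS, KDA, KDF = "kinesis.amazonaws.com", "kinesisanalytics.amazonaws.com", "firehose.amazonaws.com"
# Assumed mapping of CloudTrail (eventSource, eventName) to the alerts listed above.
RULES = {
    (KDA, "DeleteApplication"): ("Security", "Application deleted"),
    (KDS, "DecreaseStreamRetentionPeriod"): ("Security", "Stream retention period decreased"),
    (KDS, "DeleteStream"): ("Security", "Data stream deleted"),
    (KDF, "DeleteDeliveryStream"): ("Security", "Delivery stream deleted"),
    (KDS, "StopStreamEncryption"): ("Security", "Data stream encryption disabled"),
    (KDA, "DeleteApplicationInputProcessingConfiguration"): ("Operations", "Data preprocessor deleted"),
    (KDA, "DeleteApplicationOutput"): ("Operations", "SQL I/O configuration deletion"),
    (KDA, "DeleteApplicationReferenceDataSource"): ("Operations", "SQL I/O configuration deletion"),
    (KDA, "StopApplication"): ("Operations", "Application stopped"),
    (KDS, "DisableEnhancedMonitoring"): ("Operations", "Stream enhanced metrics disabled"),
    (KDS, "UpdateShardCount"): ("Operations", "Stream shard count updated"),
}
NAME_KEYS = ("streamName", "deliveryStreamName", "applicationName")

def match_alerts(cloudtrail_json):
    """Return one alert dict per successful Kinesis API call that matches RULES."""
    alerts = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        rule = RULES.get((rec.get("eventSource"), rec.get("eventName")))
        if rule is None or rec.get("errorCode"):
            continue  # unrelated call, or a denied/failed call that changed nothing
        params = rec.get("requestParameters") or {}  # CloudTrail may log null here
        alerts.append({
            "type": rule[0],
            "alert": "Amazon Kinesis – " + rule[1],
            "resource": next((params[k] for k in NAME_KEYS if k in params), "unknown"),
            "user": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "time": rec.get("eventTime"),
        })
    return alerts

def _rec(source, name, params, **extra):  # constructed sample record, placeholder ARN
    return {"eventTime": "2024-01-01T00:00:00Z", "eventSource": source, "eventName": name,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
            "requestParameters": params, **extra}

SAMPLE = json.dumps({"Records": [
    _rec(KDS, "DeleteStream", {"streamName": "orders"}),
    _rec(KDS, "StopStreamEncryption", {"streamName": "orders"}, errorCode="AccessDenied"),
    _rec(KDS, "DescribeStreamSummary", {"streamName": "orders"}),
    _rec(KDA, "StopApplication", {"applicationName": "fraud-sql"}),
    _rec(KDF, "DeleteDeliveryStream", None),
]})

if __name__ == "__main__": print(json.dumps(match_alerts(SAMPLE), indent=2))
```

Failed calls are skipped here because they did not change the resource; a deployment that also wants to see denied attempts would route records with an `errorCode` to a separate rule instead of dropping them.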

Reports

| Type | Name | Description |
|---|---|---|
| Operations | Amazon Kinesis – Analytic application modifications | This report gives the details of all actions carried out in relation to the Kinesis analytics service. It gives information about the action name, the time it was initiated, and by whom, among some other details related to the application and the user. |
| Operations | Amazon Kinesis – Data stream activities | This report gives the details of all actions related to data streams in Kinesis, which includes information like stream name, the action initiated against it, the timestamp for the action, and the user information for the same. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and ETS AWS LogForwarder v1.0.10 and above.

Download the Integration Guide and How-to Guide for configuration instructions and more information.