AWS Secrets Manager
Version: AWS and NetsurionAWSIntegrator v2.0.2 and above.
AWS Secrets Manager service helps to manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles.
Netsurion Open XDR manages logs retrieved from AWS Secrets Manager. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in AWS Secrets Manager.
The following are the key assets included with this Data Source Integration.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | AWS Secrets Manager – Secrets enumeration detected | Generated when multiple attempts related to read, list, or describe actions for different secrets stored are detected within a very short timeframe. |
| Security | AWS Secrets Manager – Secrets policy changes detected | Generated when the resource policy related to a secret key has been modified. |
| Security | AWS Secrets Manager – Secrets restored | Generated when a secret key has been restored which was otherwise scheduled for disposal. |
| Security | AWS Secrets Manager – Secrets value modifications detected | Generated when the secret key or its related settings have been modified. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | AWS Secrets Manager – Secrets read-write level activity | Provides all details related to activities concerning reading and updating a secret key or its related settings. |
| Security | AWS Secrets Manager – Resource policy changes | Provides details of any resource policy changes as part of secrets manager. |
Dashboards
| Type | Name | Description |
|---|---|---|
| Security | AWS Secrets Manager – Settings and permission changes | Displays the data related to any changes made to the secret settings or permissions related to Secrets Manager within a time span of 1 week. |
| Security | AWS Secrets Manager – User activity by IP | Displays the details of users interacting with secrets manager (top 10) and their respective public IP address for a duration of 1 day. |
| Security | AWS Secrets Manager – Error details | Displays the details of top errors by count, mapped to their actions related to secrets manager in a day. |
| Compliance | AWS Secrets Manager – Activity overview | Displays the top 10 activities occurring, related to secrets manager for a duration of 1 day. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and AWS Secrets Manager.
Download the Integration Guide for configuration instructions and more information.