AWS Secrets Manager

Version: AWS and NetsurionAWSIntegrator v2.0.2 and above.

AWS Secrets Manager service helps to manage, retrieve, and rotate database credentials, application credentials, OAuth tokens, API keys, and other secrets throughout their lifecycles.

Netsurion Open XDR manages logs retrieved from AWS Secrets Manager. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR are enhanced by capturing important and critical activities in AWS Secrets Manager.

The following are the key assets included with this Data Source Integration.

Alerts

TypeNameDescription
SecurityAWS Secrets Manager – Secrets enumeration detectedGenerated when multiple attempts related to read, list, or describe actions for different secrets stored are detected within a very short timeframe.
SecurityAWS Secrets Manager – Secrets policy changes detectedGenerated when the resource policy related to a secret key has been modified.
SecurityAWS Secrets Manager – Secrets restoredGenerated when a secret key has been restored which was otherwise scheduled for disposal.
SecurityAWS Secrets Manager – Secrets value modifications detectedGenerated when the secret key or its related settings have been modified.

Reports

TypeNameDescription
SecurityAWS Secrets Manager – Secrets read-write level activityProvides all details related to activities concerning reading and updating a secret key or its related settings.
SecurityAWS Secrets Manager – Resource policy changesProvides details of any resource policy changes as part of secrets manager.

Dashboards

TypeNameDescription
SecurityAWS Secrets Manager – Settings and permission changesDisplays the data related to any changes made to the secret settings or permissions related to Secrets Manager within a time span of 1 week.
SecurityAWS Secrets Manager – User activity by IPDisplays the details of users interacting with secrets manager (top 10) and their respective public IP address for a duration of 1 day.
SecurityAWS Secrets Manager – Error detailsDisplays the details of top errors by count, mapped to their actions related to secrets manager in a day.
ComplianceAWS Secrets Manager – Activity overviewDisplays the top 10 activities occurring, related to secrets manager for a duration of 1 day.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and AWS Secrets Manager.

Download the Integration Guide for configuration instructions and more information.