Amazon EC2

Applies to: AWS Log Forwarder v1.0.10 and above

Overview

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Amazon EC2 eliminates your need to invest in the hardware up front, so one could develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing the need to forecast traffic.

Netsurion monitors events from Amazon EC2 by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. Dashboards and reports in Netsurion’s threat protection platform, EventTracker, will track the overall actions performed that are related to the Amazon EC2 service to keep you informed about its activities. It will trigger alerts whenever an action that is critical to the service is carried out.

Previous Next

For a new instance, integrate the AWS instance to EventTracker using the EventTracker integrator lambda function, which will, in turn, deliver logs to EventTracker from AWS.

Once configured to deliver events to EventTracker Manager, the alerts, dashboards, and reports can be configured into EventTracker.

For an already-integrated AWS instance, make sure to update to ETS_AWS_LogForwarder v1.0.10 or above.

Security

Alerts

Amazon EC2 - Security group rules changed to unrestricted: This alert is triggered when a change is detected in the security group configuration.
Amazon EC2 - Snapshot deletion attempt: This alert is triggered when an attempt is made to delete a snapshot for a specified account and region.
Amazon EC2 - Sensitive VPC settings modification attempt: This alert is triggered when an attempt is made to change the VPC configuration.
Amazon EC2 - Instance termination attempt: This alert is triggered when an attempt is made to shut down the specified instances.

Reports

Amazon EC2 - Activity overview: This report contains information related to all the activities of the instance in Amazon EC2.
Amazon EC2 - VPC changes: This report contains information related to the modifications made in the VPC configuration in Amazon EC2.
Amazon EC2 - Security group modifications: This report contains information related to the changes made in the security group configuration in Amazon EC2.

Scope

The configuration details are consistent with EventTracker version 9.3X and later, and ETS-AWS-LogForwarder v1.0.10 and above.

Documentation

To configure Amazon EC2 to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration Guide.