Applies to: AWS Log Forwarder v1.0.10 and above
AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS resources. It enables you to create and control services for user authentication or limit access to a certain set of people who can use AWS resources. With IAM policies, users can manage permissions for the workforce and systems to ensure least-privilege permissions.
Netsurion monitors events from AWS IAM by parsing AWS CloudTrail logs and triggers from Amazon EventBridge. Dashboards and reports in Netsurion's threat protection platform, EventTracker, track the actions performed in relation to the Amazon IAM service to keep you informed about its activities. The platform triggers an alert whenever an action that is critical to the service is carried out.
For a new instance, integrate the AWS instance with EventTracker using the EventTracker integrator Lambda function, which in turn delivers logs from AWS to EventTracker.
Once events are being delivered to EventTracker Manager, the alerts, dashboards, and reports can be configured in EventTracker.
For an already-integrated AWS instance, make sure to update to ETS-AWS-LogForwarder v1.1.0 or above.
The configuration details are consistent with EventTracker version 9.3X and later, and ETS-AWS-LogForwarder v1.0.10 and above.
To configure AWS IAM to send logs to EventTracker, refer to the How-to Guide.
For more information, refer to the Integration Guide.