Idea ID: 2806518

Arcsight S3 Flex Connector

Status : Delivered
11 months ago

As clients are moving to AWS and other cloud platforms, Just wanted to know is there any plan to introduce a S3 Bucket Arcisght Flex connector. In the sense, If a S3 bucket is exposed by the customer publicly, then the arcsight connector can be able to pull the logs from the bucket and send it to destination.

Cloud trail connector pull the logs from the bucket, but it still collect only the cloudtrail logs in the S3 bucket, We tried to get the NON cloudtrail logs through Cloud trail connector, but it fails. In the agent.log file, we can see that the connector read the file in the S3 bucket, but it just ignores as the log file is not in the CLOUD TRAIL logs.

Tags:

  • Hi Support,

    Would like to check if there is a way to collect other AWS log types using this S3 connector and how to add in our own parser to the smart connector? Currently looking at log types such as AWS WAF logs/ Confluence log sending to AWS S3 bucket. 

     

    Regards Uma

  • Release 8.0.0 will support AWS S3 for Cisco Umbrella.  A subset of log sources are supported in this release (see Release Notes) and the remainder of Cisco Umbrella sources are targeted for the November 2020 release.

    This AWS S3 connector has been written in a generic manner to be able to pull events from AWS.  Additional parsers will provide additional capabilities to this generic set of functions.  Not all log formats are supported, see Release Notes and Connector guides for details.

  • Greetings,

    We are releasing "Amazon S3 SmartConnector" in the ArcSight SmartConnectors 8.0 release, targeted for end of July 2020.In this release, the AWS S3 SmartConnector will be able to gather all the event logs generated by Cisco Umbrella solution.

    Support for additional products are in the roadmap.

    Thank you,

    Emrah Alpa

    Sr. Product Manager | ArcSight Global Content & Connectors

    Micro Focus