AWS - Amazon Cloud Trail \ Watch - I need to pull these logs into ArcSight - Please provide flexConnector
AWS - Amazon Cloud Trail - I need to pull the logs into ArcSight.
I see the discussions on Protect724, but can't find the flex files to make it work. This should be a part of ArcSight standard connectors, can you please provide?
Hi Bobbie, unfortunately this isn't a standard connector, of which the official list can be seen here and it is missing -> http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-3404ENW.pdf.
I agree with you, it should be supported soon. If you are interested in official support, the best thing to do is to submit a feature request to HP support, and then post the Request number here so others can support it.
Hope this helps.
We are going to add support for Amazon Cloud Trail pretty soon. It would be helpful if you could elaborate more on the need. Cloud Trail supports many Amazon applications (see CloudTrail Supported Services - AWS CloudTrail) - which are you most interested in?
First thing to start with should be the Administration and Security I think. Primarily, once a connector with parsing has been developed for the JSON format which CloudTrail uses I think any of the supported services will be parsed more or less with only minimal adjustment for each logical sub-division.
My biggest issues, which I've not yet had a chance to follow up on, are parsing nested JSON values and that the FolderFollower connector does not handle .gz files like the FileReader connectors do.
Supporting those 2 items I think will get us 80% of the way to supporting all of the AWS logging domains handled by CloudTrail.
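
The two gaps named in the post above (nested JSON values and gzip-compressed files), as an added example that is not part of the thread and is not ArcSight code: a Python pre-processor that decompresses a CloudTrail log file and flattens each record into dotted keys. The function names, the key=value output format and the sample record are constructed assumptions.

```python
import gzip
import io
import json

def flatten(value, prefix=""):
    """Yield (dotted_key, scalar) pairs from arbitrarily nested dicts and lists."""
    if isinstance(value, dict):
        for key, child in value.items():
            yield from flatten(child, f"{prefix}.{key}" if prefix else key)
    elif isinstance(value, list):
        for index, child in enumerate(value):
            yield from flatten(child, f"{prefix}[{index}]")
    else:
        yield prefix, value

def read_cloudtrail_gz(stream):
    """Decompress one CloudTrail log file and return a flat dict per record."""
    with gzip.open(stream, "rt", encoding="utf-8") as handle:
        document = json.load(handle)
    # CloudTrail wraps all events of a file in a top-level "Records" array.
    return [dict(flatten(record)) for record in document.get("Records", [])]

def to_key_value_line(flat):
    """Render a flat record as one key=value line (assumed output format)."""
    return " ".join(f"{k}={json.dumps(v)}" for k, v in sorted(flat.items()))

# Constructed sample record; account id, ARN and IP are documentation values.
SAMPLE = {"Records": [{
    "eventTime": "2015-01-01T00:00:00Z",
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateUser",
    "sourceIPAddress": "192.0.2.10",
    "userIdentity": {
        "type": "IAMUser",
        "arn": "arn:aws:iam::111122223333:user/example-admin",
        "sessionContext": {"attributes": {"mfaAuthenticated": "false"}},
    },
    "requestParameters": {"userName": "example-user"},
    "resources": [{"accountId": "111122223333", "type": "AWS::IAM::User"}],
}]}

def sample_gz():
    """Return the constructed sample as an in-memory .gz file object."""
    buf = io.BytesIO(gzip.compress(json.dumps(SAMPLE).encode("utf-8")))
    return buf

if __name__ == "__main__":
    for flat in read_cloudtrail_gz(sample_gz()):
        print(to_key_value_line(flat))
```

The flat output can be written to a plain-text file in a directory that a file-based connector already watches.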