CYDERES supports the ingestion of AWS WAF logs for alarms and API calls via AWS S3 using AWS CloudWatch and AWS CloudTrail.
Chronicle Data Types
- AWS WAF
1. Create a new S3 bucket for AWS CloudWatch and AWS CloudTrail logs. Feel free to follow this AWS Guide. If you already have an S3 bucket set up, you can use the existing bucket.
2. Follow the AWS WAF logging instructions to send your AWS WAF logs for API calls to the S3 bucket created in step one using AWS CloudTrail. These instructions also explain how to send logs of your Amazon WAF alarms via CloudWatch to your S3 bucket.
3. Confirm AWS WAF logs are flowing into your S3 bucket.
4. Follow the AWS S3 Bucket guide to create an IAM user for CYDERES that can access this S3 bucket.
5. Provide the authentication information to CYDERES as directed by the AWS S3 Bucket Guide.
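
One way to carry out the "confirm logs are flowing" step for the CloudTrail (API call) side is shown below. It is an added example, not CYDERES or AWS code. It assumes the CloudTrail `.json.gz` objects have already been fetched from the bucket into memory; `check_flow`, the sample keys, the placeholder account ID `111122223333` and the sample events are constructed for illustration. It does not cover the CloudWatch alarm logs.

```python
import gzip
import json
from datetime import datetime, timedelta, timezone

# CloudTrail eventSource values for AWS WAF Classic, WAF Regional and WAFv2 API calls.
WAF_SOURCES = {"waf.amazonaws.com", "waf-regional.amazonaws.com", "wafv2.amazonaws.com"}


def waf_events(blob: bytes) -> list[dict]:
    """Return the WAF API-call records from one CloudTrail .json.gz object."""
    # Objects without a "Records" array (e.g. digest files) yield no events.
    records = json.loads(gzip.decompress(blob)).get("Records", [])
    return [r for r in records if r.get("eventSource") in WAF_SOURCES]


def check_flow(objects: dict[str, bytes], now: datetime, max_age: timedelta) -> dict:
    """Summarise WAF events across objects and flag an empty or stale feed."""
    events = [e for key, blob in sorted(objects.items())
              if key.endswith(".json.gz") for e in waf_events(blob)]
    times = [datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
             for e in events]
    newest = max(times, default=None)
    return {
        "waf_events": len(events),
        "event_names": sorted({e["eventName"] for e in events}),
        "newest": newest,
        # Flowing means at least one WAF event exists and it is recent enough.
        "flowing": newest is not None and now - newest <= max_age,
    }


def _gz(records):  # builds a constructed CloudTrail-style object for the sample
    return gzip.compress(json.dumps({"Records": records}).encode())


# Constructed sample input: placeholder account ID and invented events.
SAMPLE = {
    "AWSLogs/111122223333/CloudTrail/us-east-1/2024/05/01/a.json.gz": _gz([
        {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "wafv2.amazonaws.com", "eventName": "UpdateWebACL"},
        {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    ]),
    "AWSLogs/111122223333/CloudTrail/us-east-1/2024/05/01/b.json.gz": _gz([
        {"eventTime": "2024-05-01T11:30:00Z", "eventSource": "wafv2.amazonaws.com", "eventName": "CreateIPSet"},
    ]),
}

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
    print(check_flow(SAMPLE, now, timedelta(hours=24)))
```

A result with `flowing` set to false after a known WAF configuration change means the trail is either not delivering to this bucket or not recording WAF management events.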