Cyderes supports the ingestion of AWS WAF logs for alarms and API calls via AWS S3 using AWS CloudWatch and AWS CloudTrail.
Chronicle Data Types¶
- Create a new S3 bucket for AWS CloudWatch and AWS CloudTrail logs. A pre-existing S3 bucket may also be used. This guide AWS Guide can be followed.
- Follow the AWS WAF logging instructions to send AWS WAF logs for API calls to the S3 bucket created in step one using AWS CloudTrail. These instructions also explain how to send logs Amazon WAF alarms logs via CloudWatch to an S3 bucket.
- Confirm AWS WAF Logs are flowing into the S3 bucket
- Follow the AWS S3 Bucket guide to create an IAM user for Cyderes that can access the S3 bucket
- Provide the authentication information to Cyderes per the AWS S3 Bucket Guide