AWS Securlet Prerequisites

book

Article ID: 170973

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway

Issue/Introduction

This article describes the Elastica AWS Securlet prerequisites.

Resolution

Elastica CloudSOC Prerequisites for the AWS Securlet

  • You must have administrative privileges on your Elastica CloudSOC.
  • You must activate CloudTrail on your AWS account.
    • We only monitor regions where CloudTrail is enabled. See How to activate CloudTrail on your AWS account for more information.
  • You must know your AWS Account number.
  • The email address you use as the username for the administrator login on your AWS account must be exactly the same as the email address that you use as your CloudSOC username. Furthermore, this email address must be within the primary or secondary domains listed for your Elastica CloudSOC account. To confirm, login to CloudSOC, choose <username> > Settings > General , and check your domains as shown below.

 

Assessing your CloudTrail volume

Before activating the AWS Securlet, we recommend that you assess your CloudTrail volume. Use this information to ensure that you subscribe to an adequate usage tier for the AWS Securlet.

  1. Login to your AWS account at this url: https://console.aws.amazon.com .
  2. Navigate to Services > Cloudtrail > Trails . The AWS console shows you the names of the S3 buckets being used for Cloudtrail for each region.
  3. On the AWS management console, navigate to Services > CloudWatch and click Browse Metrics.
  4. On the All metrics tab, choose S3 > Storage Metrics as shown below to see the bucketname for each of the buckets you discovered in step above. Choose the BucketSizeBytes metric for each of the buckets to see a graph of the daily average size of each bucket over time.
  5. Change the chart type to Stacked Area as shown below to add up the sizes of all the S3 buckets you use for Cloudtrail for each region. Use the total value for GB/day as a
    guideline when you subscribe to the AWS Securlet.