Creating SNS Topic for AWS Securlet configuration

Article ID: 172383

Products

CASB Security Standard, CASB Security Premium, CASB Security Advanced, CASB Security Advanced IAAS

Issue/Introduction

This article describes how to configure an SNS topic in the AWS Console if you are still on AWS Securlet V1.

Resolution

  • Go to the SNS Dashboard in the region where the S3 bucket for CloudTrail activities is located.
  • Click Create to create a new SNS Topic in the region.
Note: If you don't know the region of your S3 bucket, you can find it on the S3 Dashboard. The Region is shown in the third column.
  • In SNS Dashboard > Topics, click Create New Topic.
  • Provide a topic name of your choice, then click Create Topic.
  • On the SNS Dashboard, click Topic Details, then click Other Topic Actions > Edit Topic Policy.
  • After selecting Edit Topic Policy, add the following snippet to the statements array of the existing topic policy.

    {
      "Sid": "example-statement-ID",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "SNS:Publish",
      "Resource": " ",
      "Condition": {
        "ArnLike": { "aws:SourceArn": "arn:aws:s3:*:*:*" }
      }
    }

    Make sure of two things:
      1. Your topic ARN is within the quotation marks after "Resource":
      2. The snippet above is placed after the } that is highlighted in the attached screenshot.
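
As an added example (not part of the original article or of Broadcom's tooling), this Python check audits a topic policy after the snippet has been pasted: it confirms item 1 above, that Resource holds the topic ARN, and reports how far the Condition narrows the wildcard principal. The topic ARN, the account ID and the wording of the findings are assumptions made for the illustration.

```python
import json

# Constructed sample: a topic policy holding the article's statement as pasted.
# TOPIC_ARN is a placeholder (account, region and name are not from the article).
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:example-topic"
SAMPLE_POLICY = json.loads("""{"Statement": [{
  "Sid": "example-statement-ID", "Effect": "Allow",
  "Principal": {"AWS": "*"}, "Action": "SNS:Publish", "Resource": " ",
  "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:*"}}}]}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(stmt, key):
    """Values of one condition key across all operators (keys are case-insensitive)."""
    return [v for operands in stmt.get("Condition", {}).values()
            for k, vals in operands.items() if k.lower() == key.lower()
            for v in _as_list(vals)]

def audit_publish_statements(policy, topic_arn):
    """Return (Sid, finding) pairs for Allow statements that grant SNS:Publish."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not {"sns:publish", "sns:*", "*"} & set(actions):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Item 1 of the article's checklist: Resource must carry the topic ARN.
        if topic_arn not in [r.strip() for r in _as_list(stmt.get("Resource", ""))]:
            findings.append((sid, "Resource is not the topic ARN"))
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        if "*" in _as_list(principal):
            # With a wildcard principal, the conditions are the only restriction.
            sources = _condition_values(stmt, "aws:SourceArn")
            if not sources:
                findings.append((sid, "wildcard principal without aws:SourceArn"))
            elif any(s.rsplit(":", 1)[-1] == "*" for s in sources):
                findings.append((sid, "aws:SourceArn matches any S3 bucket"))
            if not _condition_values(stmt, "aws:SourceAccount"):
                findings.append((sid, "no aws:SourceAccount condition"))
    return findings

if __name__ == "__main__":
    for sid, finding in audit_publish_statements(SAMPLE_POLICY, TOPIC_ARN):
        print(f"{sid}: {finding}")
```

The Policy attribute returned by the SNS GetTopicAttributes API is a JSON string, so it can be passed through json.loads and into audit_publish_statements.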

Additional Information

The IaaS Securlets in CloudSOC™, that is, AWS and Azure, have been significantly optimized to offer better performance and scalability with additional features. This optimized version of the Securlets is referred to as V2, and the previous version as V1. Broadcom recommends that you move from the V1 to the V2 version of the Securlet to take advantage of the latest improvements. Eventually, the V1 version will be phased out and the V2 version will be the default version available.

Migrating AWS Securlet from V1 to V2:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/securlets-home/about-aws-securlet/migrating-aws-securlet-from-v1-to-v2.html

 

Attachments

2018-08-28 17_26_26-AWS SNS.png