After activating AWS Securlet, CloudSOC is not updating with newly created S3 Buckets (whereas the initial Securlet activation allowed for discovery of either all new S3 buckets or new S3 buckets with either a designated prefix or suffix to their name).
Cause
The ARN for IaaSSNSname was incorrect
Resolution
Login to AWS
Verify that you are in the correct region where you have activated the Securlet
Search for CloudFormation and select it
In CloudFormation > Stack choose the Stack name that you created on activation
The CloudFormation > Stack > [Stack name] window opens and click on the Resources tab > click the IaaSctsns link
This opens the AmazonSNS > Topics > IaaSSNSname window
On the left side pane - select Subscriptions
If the Status is "Confirmed" then the issue is different and more troubleshooting will be needed
If the Status is "Pending confirmation" then continue on to the next steps
If the Status is set to 'Pending'- there is a likelihood that an old "V1 resource ARN was used during the Securlet activation instead of the new resource created per the Cloud Formation Template.
Go back to 'Topics' (left hand link on image above). Copy the ARN value
Login to CloudSOC
Go to Securlets > AWS > Connections and click the ellipsis > Edit
Go to the CloudTrail Setup and paste the SNSArn and Click Save
Allow 15 mintues for things to sync and test adding a new S3 bucket.
If the same issue occurs or if there are other problems then it's recommended to 'Delete' the existing connection and reactivate the AWS Securlet.