AWS Security Lake Plugin for Log Shipper
AWS Security Lake Plugin for Log Shipper
This document explains how to configure the AWS Security Lake v1.1.0 integration with the Log Shipper module of the Netskope Cloud Exchange platform.
Prerequisites
- A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
- A Netskope Cloud Exchange tenant with the Log Shipper module already configured.
- A Netskope Cloud Exchange tenant with the Netskope CLS and Netskope WebTX plugins already configured. Links for the configuration guides are:
- For Alerts and Events – Netskope CLS
- For Web Transaction Logs – Netskope WebTX
- Amazon S3 bucket permissions for the IAM user.
- ListBucket
- CreateBucket
- ListAllMyBuckets
- GetBucketPolicy
- GetBucketPublicAccessBlock
- PutEncryptionConfiguration
- PutBucketPublicAccessBlock
- PutBucketPolicy
- An Amazon Security Lake enabled AWS account. References: https://docs.aws.amazon.com/security-lake/latest/userguide/ and https://aws.amazon.com/security-lake/.
- AWS Lambda configured as mentioned here.
Plugin Flow
Amazon Security Lake Plugin Support
Event Support | Yes |
Alert Support | Yes |
WebTx Support | Yes |
All Netskope events, alert logs, and web transaction logs will be shared.
Compatibility
Netskope CE: v4.1.0 and v4.2.0
Performance Matrix
This performance reading is for a Large Stack CE with the below mentioned VM specifications.
Stack Size | Large RAM: 32 GB Core: 16 |
Alerts/Events | ~ 6 MBps |
WebTx | ~ 6 MBps |
Workflow
- Configure AWS.
- Configure the AWS Security Lake plugin.
- Configure the Log Shipper Business Rules for AWS Security Lake.
- Configure the Log Shipper SIEM Mappings for AWS Security Lake.
- Validate the AWS Security Lake plugin.
Click play to watch a video.
