AWS Account Monitoring

Updated Jan 26, 2024

Configure AWS accounts for Arctic Wolf monitoring

You can configure Amazon Web Services (AWS)® accounts to send the necessary logs to Arctic Wolf® for security monitoring.

Arctic Wolf uses your AWS credentials to monitor your AWS accounts for suspicious or malicious activity. See AWS Permissions Granted to Arctic Wolf for more information.

Requirements

Before you begin

Steps

For each AWS account that you want Arctic Wolf to monitor, complete these steps:

  1. Obtain your AWS account number.
  2. Provide your AWS account credentials to Arctic Wolf.

Step 1: Obtain your AWS account number

An AWS account number is a 12-digit ID that provides unique identification to an AWS account.

Note: If you have multiple AWS accounts that you want Arctic Wolf to monitor:

  • Arctic Wolf recommends that you use AWS Organizations or AWS Control Tower to aggregate all logs to a single logging account. If you do not use AWS Organizations or AWS Control Tower, provide the account number for each AWS account that you want Arctic Wolf to monitor.
  • If you configured monitoring for separate AWS accounts, but then moved your accounts to a single logging account, update your stacks and delete Arctic Wolf stacks from accounts that are part of the new logging account. See Update AWS CloudFormation Stacks for more information.

For each AWS account that you want Arctic Wolf to monitor, complete these steps:

  1. Sign in to the AWS Management console.

  2. In the menu bar, click Support > Support Center.

  3. Find your Account Number.

    AWS Management console with the account number visible

  4. Copy the Account Number value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 2: Provide your AWS account credentials to Arctic Wolf

For each AWS account to configure, complete these steps:

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. In the Cloud Services list, select AWS.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Account ID — Enter the AWS account number.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and submit credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.

Next steps