Configuring AWS Account Monitoring
Overview Direct link to this section
This document outlines how to configure your Amazon Web Services (AWS) accounts for Arctic Wolf® to monitor. For information on which AWS regions Arctic Wolf can monitor, see Supported Amazon Web Services Regions.
Standard AWS configuration Direct link to this section
Complete these procedures in order for each of your AWS accounts:
- Providing AWS Credentials to Arctic Wolf
- Configuring AWS CloudTrail Event Monitoring
- Configuring Amazon GuardDuty Monitoring
Optional AWS configuration Direct link to this section
Optional configurations provide additional monitoring that you may find useful, depending on your AWS environment.
-
Configuring AWS WAF Log Monitoring
Note: If you want to configure AWS WAF log monitoring you must also configure S3 bucket monitoring.
Changing existing AWS configurations Direct link to this section
To change existing AWS configurations, follow the Updating AWS CloudFormation Stacks instructions.
Tip: In December 2021, the CloudFormation template used for CloudTrail and GuardDuty implementations was updated to automatically block public access during Simple Storage Service (S3) bucket creation. If you did not manually configure your implementation to block public access during S3 bucket creation, we recommend following the steps above to update your CloudFormation stack.