AWS Account Monitoring
Updated Aug 31, 2023
Configure AWS account monitoring
This document outlines how to configure your Amazon Web Services® (AWS) accounts for Arctic Wolf® to monitor. For information on which AWS regions Arctic Wolf can monitor, see Supported Amazon Web Services Regions.
Steps
Complete these procedures in order for each of your AWS accounts:
- Provide AWS Credentials to Arctic Wolf
- Configure AWS CloudTrail Event Monitoring
- Configure Amazon GuardDuty Monitoring
Optional AWS configurations
Optional configurations provide additional monitoring that you may find useful, depending on your AWS environment.
- Configure AWS WAF Log Monitoring
Note: If you want to configure AWS WAF log monitoring, you must also configure S3 bucket monitoring.
Change existing AWS configurations
To change existing AWS configurations, follow the Update AWS CloudFormation Stacks instructions.
Tip: In December 2021, the CloudFormation template used for CloudTrail and GuardDuty implementations was updated to automatically block public access during Simple Storage Service (S3) bucket creation. If you did not manually configure your implementation to block public access during S3 bucket creation, we recommend following the steps above to update your CloudFormation stack.