Help Documentation

Cloud Detection and Response

AWS Account Monitoring

Updated Aug 31, 2023

Configure AWS account monitoring

This document outlines how to configure your Amazon Web Services® (AWS) accounts for Arctic Wolf® to monitor. For information on which AWS regions Arctic Wolf can monitor, see Supported Amazon Web Services Regions.

Steps

Complete these procedures in order for each of your AWS accounts:

  1. Provide AWS Credentials to Arctic Wolf
  2. Configure AWS CloudTrail Event Monitoring
  3. Configure Amazon GuardDuty Monitoring

Optional AWS configurations

Optional configurations provide additional monitoring that you may find useful, depending on your AWS environment.

  1. Configure AWS WAF Log Monitoring

    Note: If you want to configure AWS WAF log monitoring you must also configure S3 bucket monitoring.

  2. Configure AWS S3 Bucket Log Monitoring

  3. Configure AWS Security Hub

Change existing AWS configurations

To change existing AWS configurations, follow the Update AWS CloudFormation Stacks instructions.

Tip: In December 2021, the CloudFormation template used for CloudTrail and GuardDuty implementations was updated to automatically block public access during Simple Storage Service (S3) bucket creation. If you did not manually configure your implementation to block public access during S3 bucket creation, we recommend following the steps above to update your CloudFormation stack.