Configuring AWS Account Monitoring

Configuration Guide

Updated Nov 7, 2022

Configuring AWS Account Monitoring

Overview Direct link to this section

This document outlines how to configure your Amazon Web Services (AWS) accounts for Arctic Wolf® to monitor. For information on which AWS regions Arctic Wolf can monitor, see Supported Amazon Web Services Regions.

Standard AWS configuration Direct link to this section

Complete these procedures in order for each of your AWS accounts:

  1. Providing AWS Credentials to Arctic Wolf
  2. Configuring AWS CloudTrail Event Monitoring
  3. Configuring Amazon GuardDuty Monitoring

Optional AWS configuration Direct link to this section

Optional configurations provide additional monitoring that you may find useful, depending on your AWS environment.

  1. Configuring AWS WAF Log Monitoring

    Note: If you want to configure AWS WAF log monitoring you must also configure S3 bucket monitoring.

  2. Configuring AWS S3 Bucket Log Monitoring

  3. Configuring AWS Security Hub

Changing existing AWS configurations Direct link to this section

To change existing AWS configurations, follow the Updating AWS CloudFormation Stacks instructions.

Tip: In December 2021, the CloudFormation template used for CloudTrail and GuardDuty implementations was updated to automatically block public access during Simple Storage Service (S3) bucket creation. If you did not manually configure your implementation to block public access during S3 bucket creation, we recommend following the steps above to update your CloudFormation stack.