Configure AWS accounts for Arctic Wolf monitoring

You can configure Amazon Web Services (AWS)® accounts to send the necessary logs to Arctic Wolf® for security monitoring.

Arctic Wolf uses your AWS credentials to monitor your AWS accounts for suspicious or malicious activity. For more information, see AWS permissions granted to Arctic Wolf.

Note:

Make sure to complete these steps for each AWS account that you want Arctic Wolf to monitor.

These resources are required:

  • Access to the AWS Management Console
  • Access to the MDR Dashboard

These actions are required:

  • For each account you want Arctic Wolf to monitor, provide your 12-digit AWS account number to your Concierge Security® Team (CST).
    Note:

    Your CST uses this information to verify that your accounts are authorized to send data. After confirmation, you can configure your AWS accounts to send CloudTrail events to the Arctic Wolf infrastructure.

Obtain your AWS account number

Complete these steps for each AWS account that you want Arctic Wolf to monitor.

An AWS account number is a 12-digit ID that provides unique identification to an AWS account.

Note:

If you have multiple AWS accounts that you want Arctic Wolf to monitor, consider using AWS Organizations or AWS Control Tower to aggregate all logs to a single logging account. Otherwise, you must provide the account number for each AWS account that you want Arctic Wolf to monitor.

If you configured monitoring for separate AWS accounts, but then moved your accounts to a single logging account, update your stacks and delete Arctic Wolf stacks from accounts that are part of the new logging account. For more information, see Update AWS CloudFormation Stacks.

  1. Sign in to the AWS Management Console.
  2. In the menu bar, click the question mark icon, and then click Support Center.
  3. Find your Account number in the navigation pane.
  4. Copy the Account number value, and then save it to a safe, encrypted location to provide to Arctic Wolf later.

Provide AWS credentials to Arctic Wolf

Complete these steps for each AWS account that you want to Arctic Wolf to monitor.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click AWS.
  5. Configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Account ID — Enter the AWS account number.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  6. Click Test and submit credentials.