Skip to main content

AWS EventBridge (On-Premise Only)

Alert events generated by an on-premise AlphaSOC Analytics Engine instance can be sent to Amazon's EventBridge. For details on what Event Bridge is, see https://aws.amazon.com/eventbridge/.

Creating an Event Bus

Before augmenting your AE configuration, create an event bus by navigating to Amazon EventBridge Event buses and under Custom event bus click Create event bus. Give the bus a name and click Create.

eb-create

Add EventBridge Output to AE

Modifying your AE configuration can be done using the UI bundled with the on-premise AE installation. Please see the On-Premise Installation Guide for details.

Append an eventbridge section to the outputs used by AE as below.

NOTE: Please replace <AWS_ID> and <AWS_REGION> with valid entries based on your AWS ID and the region in which you created the event bus above.

outputs:
...
  eventbridge:
    -
      eventbusarn: arn:aws:events:<AWS_REGION>:<AWS_ID>:event-bus/ae-event-bus
      region: <AWS_REGION>
...

IMPORTANT: Please be sure to restart AE using the UI for the changes to take effect.

Example Event Bus Usage

Once AE has been restarted with the above configuration, any alert events generated by AE will be delivered to the designated event bus which can serve as a producer for custom applications or other AWS services. One such service is AWS CloudWatch. This section will show how to use CloudWatch to verify the above configuration.

Navigate to CloudWatch > Log groups and click Create log group. Give the group a name starting with /aws/events/ and click Create.

log-group-create

Next, navigate to Amazon EventBridge > Rules, select the appropriate event bus and click Create rule.

rule-create-1

Give the rule a name, make sure the correct event bus is selected and click Next.

rule-create-2

Next, under Event source select All events and click Next.

rule-create-3

Select AWS service as the target type and under Select a target choose CloudWatch log group. For the Log group, select the log group created above. and click Next.

rule-create-4

Skip the Configure tags - optional section. Review the configuration and click Create rule.

Finally, navigate back to CloudWatch > Log groups and click on your newly created log group. Any new alert events generated by your on-premise AE instance should arrive under Log streams.