EventBridge

Overview

note

This integration is available only to on-premise deployments.

This document outlines the process for configuring AWS EventBridge to receive findings from AlphaSOC. The integration enables you to store and analyze AlphaSOC's findings within your AWS environment.

To receive findings, set up the following AWS resources:

Event bus that receives findings and delivers them to the destination of your choice.
Access key that enables AlphaSOC to interact with your AWS environment.
Target that receives events from the event bus.

To enable integration, please provide the following configuration details to AlphaSOC:

Event bus ARN.
Event bus AWS region.

Additionally, the AlphaSOC Analytics Engine configuration needs to be updated to enable sending findings to the event bus.

Configuring AlphaSOC Analytics Engine for AWS EventBridge

Add the following configuration to your AlphaSOC Analytics Engine configuration file, replacing the placeholders with the appropriate AWS resource identifiers listed below.

{{AWS_REGION}} - AWS region identifier where the encryption key is configured
{{AWS_ACCOUNT_ID}} - ID of your AWS account
{{ACCESS_KEYS_FILE}} - name of the file containing the AWS access key

outputs:
  eventbridge:
    - eventbusarn: arn:aws:events:{{AWS_REGION}}:{{AWS_ACCOUNT_ID}}:event-bus/ae-event-bus
      region:{{AWS_REGION}}
aws:
  secretsfile: "{{ACCESS_KEY_FILE}}.csv"

important

Changes to the configuration file will become effective only after restarting the AlphaSOC Analytics Engine.

Overview​

Configuring AlphaSOC Analytics Engine for AWS EventBridge​

Overview

Configuring AlphaSOC Analytics Engine for AWS EventBridge