Integration Guide for AWS
This guide provides instructions for integrating AlphaSOC with your Amazon Web Services (AWS) environment. It outlines the complete workflow, from telemetry ingestion to receiving findings.
To fully integrate AlphaSOC with your AWS infrastructure:
- Configure one or more supported AWS data origins for security monitoring.
- Set up an Amazon S3 bucket to store and submit telemetry to AlphaSOC. For setup instructions, refer to the Amazon S3 Setup Guide.
- Configure findings transport via your preferred AWS service.
AWS Data Origins
AlphaSOC collects and analyzes telemetry from the following AWS services:
- CloudTrail: Account activity and API calls across your AWS infrastructure.
- EKS (Beta): Kubernetes cluster activity and security events.
- Route 53: DNS query logs for domain-based threat detection.
- VPC Flow Logs: Network traffic metadata for flow monitoring.
Escalating Findings Transport via AWS
After processing telemetry, AlphaSOC delivers findings through the following AWS services:
- S3: Scalable object storage.
- EventBridge: Real-time event streaming between AWS and external services.
- Security Hub (Planning): Centralized security findings management.
- Security Lake (Planning): Unified security data repository.
Additional Guidance
Need help integrating AlphaSOC into your AWS environment? Contact us.