Sending System Notifications to AWS SNS

CloudGuard can send notifications on its system events and audit logs to your email or an SNS (Simple Notification Service) topic in your AWS account. If your SNS topic is configured with an SNS subscription, then you can configure CloudGuard to push notifications to your subscription's destination, such as Lambda, SMS, or email.

At AWS SNS, you receive notifications only for those events that you select in the settings for Email Notifications.

Connecting CloudGuard Events and AWS SNS

Step 1: In CloudGuard, enable SNS integration

  1. In CloudGuard, go to Settings > Integrations.

  2. In the SNS window, select Enable.
    Wait for the configuration window to open and then copy the environment number that shows.

    Important - The environment number is not fixed; it depends on the data center your account belongs to.

Step 2: In AWS, create an SNS topic

  1. In the AWS console, go to Services > All services > Simple Notification Service.

  2. Select Create topic.

  3. Below Details, select Standard and enter a name for the SNS topic, for example, cloudguard-sns.

  4. Open the Access policy section and select:

    1. In Choose method, select Basic.

    2. In Define who can publish messages to the topic, select the option Only the specified AWS accounts and paste below it the environment number that you copied in Step 1.

    3. In Define who can subscribe to this topic, select the option Only the topic owner.

  5. Click Create topic.

  6. In the Details window that opens, copy the ARN.

Step 3: Add an SNS subscription to the topic

After you create an AWS SNS topic, you must add a subscription to deliver the notifications to an endpoint. In AWS, navigate to the SNS page and select the SNS topic that you created.

  1. In Subscriptions, click Create subscription.

  2. Below Protocol, select a protocol, for example, Email.

    Enter the details for the endpoint that is to receive the subscription. For example, for an email, the endpoint is the email address.

  3. Click Create subscription. The subscription status is set to pending until it is confirmed. For email subscriptions, a confirmation email is sent to the endpoint address, and the recipient must confirm it.

    Note - SNS notifications are not sent to a subscription that is not confirmed.

  4. Go back to the browser tab where CloudGuard is currently open.

  5. Paste the topic ARN into the SNS configuration text box.

  6. Click Save.

    In CloudGuard, SNS integration is Enabled.

Step 4: Create a new KMS key

  1. In the AWS Management Console, go to Services > Security, Identity, & Compliance > Key Management Service.

  2. Click Create a key.

  3. On the Configure key page:

    1. In the Key type section, select Symmetric.

    2. In the Key usage section, select Encrypt and decrypt.

    3. If the KMS key and CloudGuard are in different regions, in the Advanced options section select Multi-Region key.

    4. Click Next.

  4. On the Add labels page:

    1. In the Alias section, enter an alias for the key.

    2. Click Next.

  5. On the Define key administrative permissions page, configure administrative permissions for the key.

  6. On the Define key usage permissions page:

    1. In the Key users section, select the IAM users and roles that are allowed to use the key.

    2. In the Other AWS accounts section, click Add another AWS account and paste the environment number for CloudGuard that you copied in Step 1.

    3. Click Next.

  7. On the Review page, click Finish.

    The Customer managed keys screen opens and the new key appears in the table.

Step 5: Associate the KMS Key with your SNS topic

  1. In the AWS Management Console, go to Services > Application Integration > Simple Notification Service > Topics.

  2. Click the SNS topic you created for CloudGuard.

    The topic page opens.

  3. Click Edit.

    The Edit topic page opens.

  4. In the Encryption section:

    1. Toggle the Encryption button to the "On" position.

    2. In the AWS KMS key field, select your KMS key.

  5. Click Save changes.
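The console choices in Steps 2, 4 and 5 produce policy documents behind the scenes. As an added example (not from the page or from CloudGuard's own documentation), the following Python builds equivalent SNS topic and KMS key policies from the environment number and topic ARN, and includes a review check that flags any statement left open to every principal. The account numbers and topic name are constructed placeholders; the KMS actions granted to the publishing account are the ones SNS needs to encrypt published messages with a customer managed key.

```python
# Constructed placeholder values (not from the page); replace with your own.
CLOUDGUARD_ACCOUNT = "111111111111"   # environment number copied in Step 1
TOPIC_ARN = "arn:aws:sns:us-east-1:222222222222:cloudguard-sns"
OWNER_ACCOUNT = TOPIC_ARN.split(":")[4]   # account that owns the topic and key

def sns_topic_policy(topic_arn, publisher_account):
    """Access policy matching the Basic choices in Step 2: only the
    CloudGuard account may publish; only the topic owner may subscribe."""
    owner = topic_arn.split(":")[4]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "CloudGuardPublish", "Effect": "Allow",
             "Principal": {"AWS": f"arn:aws:iam::{publisher_account}:root"},
             "Action": "SNS:Publish", "Resource": topic_arn},
            {"Sid": "OwnerManagesTopic", "Effect": "Allow",
             "Principal": {"AWS": f"arn:aws:iam::{owner}:root"},
             "Action": ["SNS:Subscribe", "SNS:GetTopicAttributes",
                        "SNS:SetTopicAttributes", "SNS:DeleteTopic"],
             "Resource": topic_arn},
        ],
    }

def kms_key_policy(owner_account, publisher_account):
    """Key policy for the topic's KMS key (Steps 4 and 5): the owner
    administers it; the CloudGuard account gets only the operations SNS
    needs to encrypt the messages that account publishes to the topic."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "OwnerAdmin", "Effect": "Allow",
             "Principal": {"AWS": f"arn:aws:iam::{owner_account}:root"},
             "Action": "kms:*", "Resource": "*"},
            {"Sid": "CloudGuardEncrypt", "Effect": "Allow",
             "Principal": {"AWS": f"arn:aws:iam::{publisher_account}:root"},
             "Action": ["kms:GenerateDataKey*", "kms:Decrypt"],
             "Resource": "*"},
        ],
    }

def open_principals(policy):
    """Review check: Sids of unconditional Allow statements open to any
    principal, which would let anyone publish to or subscribe to the topic."""
    return [s["Sid"] for s in policy["Statement"]
            if s["Effect"] == "Allow" and "Condition" not in s
            and s.get("Principal") in ("*", {"AWS": "*"})]
```

Run `open_principals` against the policy you actually read back from the topic (for example after an edit in the console) to confirm the publish restriction from Step 2 is still in place.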

Integration of Findings Notification

Configure the SNS topic to send single findings (not reports).

To configure SNS integration for single findings:

  1. In AWS, copy the SNS ARN from the topic that you created.

  2. Navigate to Settings > Configure > Notifications in CloudGuard.

  3. Click the notification name (or create a new one) where you want to configure SNS integration.

  4. Below Immediate Notification, select the option SNS notification for each new finding as soon as it is discovered.

  5. Paste the topic ARN that you copied in Step 3.

  6. Click Send Test Message and make sure that the message shows in your SNS subscription.

  7. To save the changes to the notifications, click Save.
