Vectra Detect for AWS Deployment Guide

Please see the attachment at the end of this article for the full document!

Introduction

Detect for AWS offers advanced Threat Detection & Response coverage for your AWS control plane. We leverage advanced AI & ML techniques to monitor all activity in your organization’s global AWS footprint for malicious behaviors.

Detect for AWS leverages CloudTrail logs and contextual IAM information to find malicious activity, and then attributes it to the malicious actor using Vectra’s Kingpin technology.

This guide will enable you to set up Vectra’s CloudTrail integration to allow us to offer protection for your organization. Detect for AWS is delivered as a SaaS (Software as a Service) solution in Vectra’s cloud.

Contains

  • Overview
  • Requirements
  • Deployment Methods
  • Deployment via CloudFormation Template
    • Creating a Detect for AWS Sensor
    • Accepting the Terms of Service
    • CloudFormation Template Configuration
    • Completing the Deployment in the Cognito UI
  • Appendix 1 - AWS Configuration Notes
    • The Permissions Vectra Requires in your AWS Account
      • Vectra AWS IAM Role
      • About AWS External IDs
      • Role Permissions
    • CloudTrail Log S3 Bucket Location
    • KMS Encrypted S3 Bucket Support
  • Appendix 2 - Manual AWS Deployment
    • Creating a Detect for AWS Sensor
    • Accepting the Terms of Service
    • Manual AWS Configuration
    • Completing the Deployment in the Cognito UI
  • Appendix 3 - AWS Log Ingestion Cost Estimates
  • Worldwide Support Contact Information

Download PDF
