Links

SIEM

Security Information and Event Management (SIEM) in AWS
SIEM is an AWS solution that provides cloud customers with visibility into their infrastructure and applications, to facilitate data-driven decisions. SIEM uses AWS Control Tower to monitor workloads in real-time, identify security issues, provide virus and malware protection, and expedite root-cause analysis.
You can monitor and manage your AWS cloud using SIEM in the DuploCloud Portal.

Configuring the DuploCloud Portal to access AWS SIEM

To connect your AWS SIEM account with the DuploCloud Portal, contact our DuploCloud Support Team using your DuploCloud Slack channel or email the team.

Using the SIEM Dashboard

After DuploCloud has connected your AWS SIEM account to the DuploCloud Portal, you'll have full access to your SIEM modules without having to log in to the AWS Portal. You can open multiple dashboard instances by clicking Open New Tab on the SIEM page.
The SIEM dashboard displays modules, grouped by the following categories:
  • Security Information Management - Investigate Security Events and Alerts related to AWS services.
  • Auditing and Policy Monitoring - Examine security policies and auditing reports. Scan your assets and work with Configuration Assessment reports that audit your environment.
  • Threat Detection and Response - Analyze data about cyber threats, vulnerabilities, and security attack strategies identified by the MITRE ATT&CK database.
  • Regulatory Compliance - Gather comprehensive details about all of your regulatory and compliance controls and how well your installation is measuring up. Detailed statistics covering your compliance with PSI, TSC, HIPAA, NIST 800-53, and GDPR regulations are available in one place.
SIEM page with available Modules and Open New Tab option

Using the Navigation Menu

Clicking the Navigation Menu icon (
) allows you to access a number of integrated tools that DuploCloud has plugged into the portal such as Wazuh, Kibana, and Open Distro for ElasticSearch, which connect you to the SIEM application in AWS. You also can use Management functions such as Dev Tools, to access the SIEM console for creating queries and the Stack Management function in Kibana.
Navigation Menu icon on the SIEM page

Using the DuploCloud Modules window menu

The DuploCloud Modules window menu gives you centralized access to available SIEM modules with the Modules directory but also lets you navigate to other options as well.
DuploCloud Modules window with Modules directory on the SIEM page

Management directory

Management directory featuring Administration and Status and reports menus
The Management directory includes a number of tools for Administration, including the Rules page, displayed below, and Status and Reports. You can also manage your Security and general Settings from the DuploCloud Modules window.
Rules page from Management directory Administration -> Rules option

Agents

The Agents option allows you to view a dashboard of all running agents from AWS and DuploCloud.
Agents dashboard

Dev Tools

Dev Tools gives you direct access to the AWS Console.
AWS Console from the Dev Tools option