LimaCharlie is an integrated security platform that gives you full control and visibility over your security posture. Build on our advanced Detection, Automation, and Response Engine.
Creating an Amazon S3 Bucket
- In the AWS console, select Create new S3 bucket. You may also choose to use an existing S3 bucket.
- Provide a name for the AWS KMS alias or choose an existing AWS KMS Key.
- You can leave the other settings as default and click Next.
- Choose Event type, add Data events as required, and click Next.
- Review the settings in Review and create, then click Create trail.
- In the AWS console, search for "Amazon S3 Buckets".
- Click the newly created log bucket and select the folder AWS Logs.
Then click Copy S3 URI and save it for use in later steps.
Forwarding LimaCharlie logs to S3
1. In the LimaCharlie management portal, select Outputs from the left menu.
2. Under Choose output stream, select Events.
3. Under Choose output destination, select Amazon S3.
4. Enter the Name for the config, Bucket name, Key ID and Secret key, and then click Save output.
Configuring a Feed in Chronicle
To configure a feed in Chronicle:
1. From your Chronicle instance page, select Settings from the main menu at the top left of your screen.
2. Click Feeds where you can find the data feeds that you have configured as well as the default feeds that Google provided.
3. From the Feeds page, click ADD NEW at the top of the screen.
The ADD FEED window appears.
4. In the Set Properties tab, select SOURCE TYPE as from the dropdown menu.
5. Select the Log Type as Lima Charlie from the dropdown menu and click Next.
6. In the Input Parameters tab, paste the region, S3 URI, Access Key ID and Secret key that you copied from the configuration tab of the storage bucket, select whether the URI is a directory or a file from the drop-down, and select the source deletion option depending upon the requirement.
7. In the Finalize tab, click Submit.
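The steps above enter an access key in two places: the LimaCharlie output (writer) and the Chronicle feed (reader). The following added example, which is not part of the original guide or of either product, derives a separate least-privilege IAM policy for each key from the copied S3 URI. The bucket name is a constructed placeholder, and the set of S3 actions each side needs is an assumption to confirm against the vendors' documentation.

```python
import json
from urllib.parse import urlparse


def parse_s3_uri(uri):
    """Split an s3://bucket/prefix/ URI into (bucket, prefix)."""
    parsed = urlparse(uri)
    if parsed.scheme != "s3" or not parsed.netloc:
        raise ValueError(f"not an S3 URI: {uri!r}")
    prefix = parsed.path.lstrip("/")
    if prefix and not prefix.endswith("/"):
        prefix += "/"  # treat the URI as a directory
    return parsed.netloc, prefix


def _policy(statements):
    return {"Version": "2012-10-17", "Statement": statements}


def build_policies(s3_uri, source_deletion=False):
    """Return separate IAM policies for the writer key and the reader key."""
    bucket, prefix = parse_s3_uri(s3_uri)
    bucket_arn = f"arn:aws:s3:::{bucket}"
    objects_arn = f"{bucket_arn}/{prefix}*"

    # Assumption: the LimaCharlie output only uploads objects.
    writer = _policy([{"Sid": "WriteOnly", "Effect": "Allow",
                       "Action": ["s3:PutObject"], "Resource": objects_arn}])

    # Assumption: the Chronicle feed lists and reads objects, and deletes
    # them only when a source deletion option is selected.
    read_actions = ["s3:GetObject"] + (["s3:DeleteObject"] if source_deletion else [])
    list_stmt = {"Sid": "ListPrefix", "Effect": "Allow",
                 "Action": ["s3:ListBucket"], "Resource": bucket_arn}
    if prefix:  # restrict listing to the log folder only
        list_stmt["Condition"] = {"StringLike": {"s3:prefix": [f"{prefix}*"]}}
    reader = _policy([list_stmt, {"Sid": "ReadObjects", "Effect": "Allow",
                                  "Action": read_actions, "Resource": objects_arn}])
    return {"limacharlie_writer": writer, "chronicle_reader": reader}


if __name__ == "__main__":
    # Constructed sample URI; substitute the one copied from the bucket.
    print(json.dumps(build_policies("s3://example-log-bucket/AWSLogs/"), indent=2))
```

If the bucket is encrypted with an AWS KMS key, each key also needs the matching KMS permissions on that key, which this sketch does not generate.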