Versions Compared

Version Old Version 4 New Version 5
Changes made by

Laszlo Frazer

Laszlo Frazer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Authorize SQS Data Access.

  2. Add data to the S3 bucket.

    1. If you have an AWS organization, create a trail for the organization. Otherwise, create a trail for an AWS account.

      image-20250115-154932.pngImage Removed

      “Quick create” is not recommended.

      image-20250116-220028.pngImage Added

    2. Name the trail Devo.

      image-20250116-215451.pngImage Added

    3. Edit the trail.

    4. Use the existing bucket created in Step 1.

      image-20250116-220152.pngImage Added

    5. Disable SSE-KMS. If you require SSE-KMS, the key resource must be added to the cross account role you crated for Devo.

      image-20250116-220248.pngImage Added

    6. On the next screen, enable events.

      1. Management events are supported by Devo and recommended for detection of unauthorized changes to AWS resources.

      2. Data events are supported by Devo and recommended for detection of unauthorized access or modification of resources, including S3 data (cloud.aws.cloudtrail.s3) and SNS notifications (cloud.aws.cloudtrail.sns).

      3. Insights events are supported by Devo and are recommended for detecting malicious API activity and API service degradation problems (cloud.aws.cloudtrail.insights).

        image-20250116-223323.pngImage Added

    7. Create the trail.

Run It

In the Cloud Collector App, create an SQS Collector instance using this parameters template, replacing the values enclosed in < >.

...