Versions Compared

Version Old Version 6 New Version Current
Changes made by

Laszlo Frazer

Laszlo Frazer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel2
maxLevel2
outlinefalse
typeflat
separatorbrackets
printablefalse

Purpose

AWS SQS may can be used to send any kind of data to Devo. If the data is already located in AWS, then SQS should be used to send it to Devo. The AWS SQS collector provides superior reliability, speed, security, and flexibility.

The AWS SQS collector is commonly used to secure services like WAF, VPC, Control Tower, and CloudTrail.

Send data to Devo

...

Feature

...

Details

...

Allow parallel downloading (multipod)

...

allowed

...

Running environments

...

Cloud Collector App

...

Writes to

...

There are three requirements to send data to Devo with SQS.

  • Place data in an S3 bucket.

  • Authorize SQS data access.

  • Enable the collector with the service matching the data format.

Data sources

Data source

Security Purpose

Collector service name

Devo table

Any

The collector can be customized to process any data.

Use a custom service only if there is no prebuilt service.

 custom_service

 All

AWS CONFIGURATION LOGS

 Cloud Resource Audit

aws_sqs_config

cloud.aws.configlogs.events

AWS ELB

 Load Balancer

aws_sqs_elb

web.aws.elb.access

AWS ALB

 Load Balancer

aws_sqs_alb

web.aws.alb.access

CISCO UMBRELLA

 DNS

aws_sqs_cisco_umbrella

sig.cisco.umbrella.dns

CLOUDFLARE LOGPUSH

 Content Distribution

aws_sqs_cloudflare_logpush

cloud.cloudflare.logpush.http

CLOUDFLARE AUDIT

 Content Distribution

aws_sqs_cloudflare_audit

cloud.aws.cloudflare.audit

CLOUDTRAIL

 AWS Audit

aws_sqs_cloudtrail

cloud.aws.cloudtrail.*

CLOUDTRAIL VIA KINESIS FIREHOSE

 AWS Audit

aws_sqs_cloudtrail_kinesis

cloud.aws.cloudtrail.*

CLOUDWATCH

 Instance Metrics

aws_sqs_cloudwatch

cloud.aws.cloudwatch.logs

CLOUDWATCH VPC

 Private Cloud Metrics

aws_sqs_cloudwatch_vpc

cloud.aws.vpc.flow

CONTROL TOWER

In most cases, use the CloudTrail service instead.

VPC Flow Logs, Cloudtrail, Cloudfront, and/or AWS config logs

aws_sqs_control_tower

 

deprecated

 

aws_sqs_fdr

edr.crowdstrike.cannon

CROWDSTRIKE FALCON DATA REPLICATOR

Antivirus

aws_sqs_fdr_large

edr.crowdstrike.cannon

GUARD DUTY

 Threat Detection

aws_sqs_guard_duty

cloud.aws.guardduty.findings

GUARD DUTY VIA KINESIS FIREHOUSE

 

aws_sqs_guard_duty_kinesis

cloud.aws.guardduty.findings

IMPERVA FLEXPROTECT

Content Delivery

aws_sqs_incapsula

cef0.imperva.incapsula

LACEWORK

 Container and Cloud

aws_sqs_lacework

monitor.lacework.[agent].*

PALO ALTO

 Firewall

aws_sqs_palo_alto

firewall.paloalto.[file-log_type]

ROUTE 53

 Domain Name Service

aws_sqs_route53

dns.aws.route53

OPERATING SYSTEM

 Windows and Unix events

aws_sqs_os

box.unix_cloudwatch

box.win_cloudwatch

SENTINEL ONE FUNNEL

 Endpoint Detections

aws_sqs_s1_funnel

edr.sentinelone.dv

S3 ACCESS

 S3 Bucket Audit

aws_sqs_s3_access

web.aws.s3.access

VPC LOGS

 Private Private Cloud Metrics
(published without CloudWatch)

aws_sqs_vpc

cloud.aws.vpc.flow

WAF LOGS

 Firewall

aws_sqs_waf

cloud.aws.waf.logs

Devo collector features

Feature

Details

Allow parallel downloading (multipod)

allowed

Running environments

Cloud Collector App

Writes to

table