...

An analyst wants to detect unauthorized access to isolated virtual networks within AWS. Using the VPC SQS collector to send flow logs to Devo, the analyst can find any unauthorized IP traffic and then block the intruder, preventing them from disrupting private network services.

...

  1. Authorize SQS Data Access.

  2. Add data to the S3 bucket.

    1. Select the VPC.

    2. Create flow log.

    3. Name the flow log “Devo.”

    4. Set Filter to All. Devo recommends this so that both wrongly rejected and wrongly accepted traffic can be analyzed.

    5. Select Send to an Amazon S3 bucket.

    6. Use the ARN of the S3 bucket you created during the authorization process.

    7. Keeping the defaults for the other settings, create the flow log.
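
The kind of analysis that the All filter makes possible, sketched over records in the default (version 2) flow log format as they are written to S3. This is an added example, not Devo's collector or query code; the `AUTHORIZED` ranges, the function and label names, and the sample records are constructed for illustration.

```python
import ipaddress

# Default (version 2) VPC flow log record fields, in order.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumption: source ranges the analyst treats as authorized for this VPC.
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "192.0.2.0/24")]

# Constructed sample records (documentation address ranges, fake account id).
SAMPLE = """\
version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status
2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.2.9 44321 443 6 10 8400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.2.9 51514 22 6 4 240 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.23 10.0.2.9 40022 3389 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.3.8 10.0.2.9 38000 5432 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""

def parse(text):
    """Yield one dict per traffic record; skip the header and NODATA/SKIPDATA rows."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "version":
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            yield rec

def is_authorized(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in AUTHORIZED)

def classify(rec):
    """Combine the source's authorization with the ACCEPT/REJECT action."""
    ok = is_authorized(rec["srcaddr"])
    if rec["action"] == "ACCEPT":
        return "expected" if ok else "wrongly_accepted"
    return "wrongly_rejected" if ok else "rejected_unauthorized"

def findings(text):
    """Return (label, srcaddr, dstport) for every record that needs review."""
    labelled = ((classify(r), r) for r in parse(text))
    return [(lab, r["srcaddr"], r["dstport"]) for lab, r in labelled if lab != "expected"]

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(*finding)
```

With a filter of Accept or Reject only, one of the two "wrongly" categories would never appear in the bucket.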

...