AWS Security

The AWS Security Monitoring application is a comprehensive tool primarily focused on security use cases, but that also analyzes the general status of an AWS environment from an operational standpoint.

Through its 'single pane of glass' approach, Security Monitoring simplifies the diagnostics of an AWS environment, facilitating also the analysis in depth of the running instances as well as their performance and health condition in real time.

AWS Security app is offered in Devo Exchange. This application requires your domain to have these data sources:

cloud.aws.cloudtrail
cloud.aws.cloudtrail.events

After it has been installed, it is necessary to go to Roles Management. It is located in the navigation menu by clicking on Administration > Roles. In Roles Management select the role that will use the application, then click on the Application tab. Select AWS Security and move it to the right. Click Save.

You will need to log out using the logout option at the bottom of the navigation menu and then sign back in.

When you log back in, from the navigation menu click Applications, then AWS Security.

When you enter AWS Security Monitor, you are presented with a summary view of the system overview.

On the left of the summary view there is a graph with visual information on Audit events by service, which can be:

Infrastructure
Networking
Data Storage
DevOps
Security

The top part of the screen shows counters for:

Instance check fails
system check fails
Credit balance
Credit usage

In the middle of the screen statistics are presented for

Lambdas
s3 buckets
ELB Instances
EC2 Instances
RDS instances

A topology and a 3D map are also provided.

User experience

To view each user's experience, select from the top left the User Experience icon.

In this view, type the name of the user in the search box provided and select it.

The screen will show information for the user, such as:

Unique sessions
Unique users
Unique devices
Session performance metrics
User experience metrics
Device health metrics