AWS Elastic Load Balancing
This pack includes Cortex XSIAM content.
Important Notes
- Time in this pack is parsed with the calculaton of UTC 00:00+.
Configuration on Server Side
When you enable access logs for your load balancer, you must specify the name of the S3 bucket where the load balancer will store the logs. The bucket must have a bucket policy that grants Elastic Load Balancing permission to write to the bucket.
Follow the steps:
- Create an S3 bucket, as described here.
- Attach a policy to your S3 bucket, as described here.
- Configure access logs, as described here.
- Verify bucket permissions, as described here.
Collect Events from Vendor
In order to use the collector, use the XDRC (XDR Collector) option.
XDRC (XDR Collector)
To create or configure the Amazon S3 collector, use the information described here.
You can configure the specific vendor and product for this instance.
- Navigate to Settings → Data Sources &rarr Add Data Source.
- Click Amazon S3.
- Click Connect or Connect Another Instance.
- Select the Access Key or Assumed Role filter, according to the implementation method of your choice.
- When configuring the new Amazon S3 data source, set the following values:
Parameter Value SQS URLEnter SQS URL. NameEnter ELB. Role ARN/AWS Client IDEnter Role ARN / AWS Client ID. External Id/AWS Client SecretEnter External Id / AWS Client Secret. Log TypeEnter Generic. Log FormatEnter Raw. CompressionEnter uncompressed.