| Attribute | Value |
|---|---|
| Connector ID | AwsS3 |
| Publisher | Amazon |
| Used in Solutions | Amazon Web Services |
| Collection Method | Native |
| Connector Definition Files | template_AwsS3.json |
This connector allows you to ingest AWS service logs, collected in AWS S3 buckets, to Microsoft Sentinel. The currently supported data types are:
- AWS CloudTrail
- VPC Flow Logs
- AWS GuardDuty
- AWSCloudWatch
For more information, see the Microsoft Sentinel documentation.
This connector ingests data into the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
| AWSCloudTrail | EventName == "CreateUser" | ✓ | ✓ | ? |
| AWSCloudWatch | | ✓ | ✓ | ? |
| AWSGuardDuty | | ✓ | ✓ | ? |
| AWSVPCFlow | | ✓ | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Resource Provider Permissions:
- Workspace (Workspace): write permission.

Custom Permissions:
- Environment: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Set up your AWS environment
There are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:

Setup with PowerShell script (recommended)

- Download and extract the files from the following link: AWS S3 Setup Script.
- Make sure that you have PowerShell on your machine: Installation instructions for PowerShell.
- Make sure that you have the AWS CLI on your machine: Installation instructions for the AWS CLI.
- Before running the script, run the aws configure command from your PowerShell command line, and enter the relevant information as prompted. See AWS Command Line Interface | Configuration basics for details. Note: When aws configure is run, the default output format should not be set to None. It must be set to some value, such as json.

Government Cloud:

- Download and extract the files from the following link: AWS S3 Setup Script.
- Make sure that you have PowerShell on your machine: Installation instructions for PowerShell.
- Make sure that you have the AWS CLI on your machine: Installation instructions for the AWS CLI.
- Before running the script, run the aws configure command from your PowerShell command line, and enter the relevant information as prompted. See AWS Command Line Interface | Configuration basics for details. Note: When aws configure is run, the default output format should not be set to None. It must be set to some value, such as json.

- Run the script to set up the environment: ./ConfigAwsConnector.ps1
- External ID (Workspace ID): WorkspaceId
> Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.
Manual Setup
Follow the instructions in the following link to set up the environment: Connect AWS S3 to Microsoft Sentinel.
2. Add connection
📋 Additional Configuration Step: This connector includes a configuration step of type AwsS3. Please refer to the Microsoft Sentinel portal for detailed configuration options for this step.