Barracuda XDR

Integrating Amazon Security Lake

The steps below outline integration between Amazon Security Lake and Barracuda XDR monitoring. Amazon Security Lake helps you analyze security data so that you can get a complete understanding of your security posture across the entire organization. With Amazon Security Lake, you can also improve the protection of your workloads, applications, and data.

Prerequisites

To integrate Amazon Security Lake, you must have the following: 

To enable Server Access Logging on Amazon S3 Security
  1. In Amazon S3 Security, navigate to Buckets > [your bucket], where [your bucket] is the name of your bucket.
  2. Click the Properties tab.
  3. In Server access logging, select the Enable check box.
  4. In Destination, enter the path to your bucket.
  5. In Log Object key Format, select a format.
  6. Click Save Changes.
  7. Proceed to the "To enable the Amazon Security Lake integration for an S3 Bucket" procedure.

To create and save access keys for integration

  1. In Amazon S3, in the profile menu in the top right corner of the window, click Security Credentials.
  2. In the Access keys section, click Create access key.
  3. Select the I understand creating a root access key is not a best practice, but I still want to create one check box.
  4. Click Create access key.
  5. Copy and save your Access key and Secret access key.
  6. Click Done.

To integrate Amazon Security Lake via Simple Queue Service (Optional)

You don't need to perform this procedure to integrate Amazon Security Lake unless you want to use Simple Queue Service.

  1. In Amazon S3 Security, navigate to Buckets > [your bucket], where [your bucket] is the name of your bucket.
  2. Click the Properties tab.
  3. In the Event notifications area, do one of the following:
  4. If there are no event notifications, proceed to step 7.
  5. If there is an event notification, click a link in the Destination column on the right.
  6. In the Details section, copy and save the URL.
  7. In the Search bar, type Simple Queue Service and hit Return.
  8. Click Create queue.
  9. Select your options, then click Create queue.
  10. Navigate to Buckets > [your bucket], where [your bucket] is the name of your bucket.
  11. Click the Properties tab.
  12. In the Event notifications area, click Create event notification.
  13. In the General configuration area, provide the following:
    • Event name
    • Prefix - optional
    • Suffix - optional
  14. In Event types, select All object create events.
  15. In Destination, select SQS queue.
  16. In Specify SQS queue, select Choose from your SQS queue.
  17. Select an SQS queue.
  18. Click Save Changes.
  19. Proceed to the "To enable the Amazon Security Lake integration for an SQS Queue" procedure below.
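
The S3-to-SQS wiring from the procedure above, as an added example that is not Barracuda's or AWS's own code: it builds the queue access policy that lets the bucket deliver All object create events to the queue, builds the matching event notification, and audits a queue policy for gaps or over-broad grants. The bucket name, account ID, queue ARN and function names are constructed for illustration; that S3 needs sqs:SendMessage on the queue is AWS behaviour, not something this page states.

```python
import json

def build_s3_to_sqs(bucket, queue_arn, account_id, prefix="", suffix=""):
    """Queue access policy and bucket notification for 'All object create events'."""
    policy = {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowBucketToSend", "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "sqs:SendMessage",
        "Resource": queue_arn,
        # Only this bucket, in this account, may enqueue events.
        "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:s3:::{bucket}"},
                      "StringEquals": {"aws:SourceAccount": account_id}},
    }]}
    rules = [{"Name": n, "Value": v}
             for n, v in (("prefix", prefix), ("suffix", suffix)) if v]
    queue_cfg = {"QueueArn": queue_arn, "Events": ["s3:ObjectCreated:*"]}
    if rules:  # Prefix and Suffix are optional in the console form
        queue_cfg["Filter"] = {"Key": {"FilterRules": rules}}
    return policy, {"QueueConfigurations": [queue_cfg]}

def audit_queue_policy(policy, bucket):
    """Return findings for a queue policy that is missing or too broad."""
    findings, delivers = [], False
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = {actions} if isinstance(actions, str) else set(actions)
        if st.get("Effect") != "Allow" or not {"sqs:SendMessage", "sqs:*", "*"} & actions:
            continue
        principal = st.get("Principal")
        cond = st.get("Condition", {})
        source = (cond.get("ArnLike") or cond.get("ArnEquals") or {}).get("aws:SourceArn")
        if principal in ("*", {"AWS": "*"}) and source is None:
            findings.append("any principal can send messages to the queue")
        if actions != {"sqs:SendMessage"}:
            findings.append("statement grants more than sqs:SendMessage")
        if principal == {"Service": "s3.amazonaws.com"} and source == bucket_arn:
            delivers = True
    if not delivers:
        findings.append(f"S3 cannot deliver events from {bucket}")
    return findings

# Constructed sample values, not taken from the page.
BUCKET, ACCOUNT = "example-log-bucket", "111122223333"
QUEUE_ARN = f"arn:aws:sqs:us-east-1:{ACCOUNT}:example-xdr-queue"

if __name__ == "__main__":
    policy, notification = build_s3_to_sqs(BUCKET, QUEUE_ARN, ACCOUNT, prefix="logs/")
    print(json.dumps([policy, notification], indent=2), audit_queue_policy(policy, BUCKET))
```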

To enable the Amazon Security Lake integration for an S3 Bucket
  1. In Barracuda XDR Dashboard, navigate to Administration > Integrations.
  2. On the AWS Security Lake card, click Setup.
  3. Select the Enabled check box.
  4. In Log Type, select S3 Bucket.
  5. In AWS Bucket, paste the path to your Amazon Bucket.
  6. In Access Key, paste your access key.
  7. In Secret Key, paste your secret key.
  8. Optionally, click Test to verify the credentials.
  9. Select the Enable check box.
  10. Click Save.

To enable the Amazon Security Lake integration for an SQS Queue
  1. In Barracuda XDR Dashboard, navigate to Administration > Integrations.
  2. On the AWS Security Lake card, click Setup.
  3. Select the Enabled check box.
  4. In Log Type, select SQS Queue.
  5. In SQS Queue, paste the SQS queue you set up in the previous procedure.
  6. In Access Key, paste your access key.
  7. In Secret Key, paste your secret key.
  8. Optionally, click Test to verify the credentials.
  9. Select the Enable check box.
  10. Click Save.