Tutorial: Implement a Custom SIEM for CloudConnexa Log Streaming

Abstract

Use a serverless function to fetch log files from your AWS S3 bucket and send them to your SIEM using its API.

Custom integration can be implemented using a serverless function to fetch log files from your AWS S3 bucket, unpack them, and then send them to your SIEM using its API. The DataDog AWS Lambda function can be taken as a base to customize for your specific integration.

Prerequisites

  1. A SIEM that has an API that can be used to receive events

  2. Your AWS S3 bucket is configured as per Tutorial: Configure AWS S3 bucket for CloudConnexa Log Streaming

  3. Your AWS S3 bucket is configured in the Log Streaming section of the CloudConnexa Administration Portal without errors.

  4. A serverless compute service for running code such as AWS Lambda.

  5. Code development skills. The DataDog AWS Lambda function is written in Java.

Develop your integration

  1. The repository and contribution guide are here. Follow the contribution steps to start creating your forwarder.

  2. Replace the DataDog API specifics with your SIEM’s API methods.

  3. Update the CloudFormation configuration with the required parameters and rename it to cloudconnexas3-to-<SiemName>-forwarder, replacing SiemName with the name of your SIEM.

  4. Test and verify your implementation.

  5. Create a pull request to merge your changes upstream.
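As an added illustration of the fetch, unpack and forward flow described above (not the DataDog forwarder's code and not from the OpenVPN repository), here is a minimal S3-triggered Lambda handler in Python. It assumes CloudConnexa writes gzip-compressed, newline-delimited JSON files to the bucket and that the SIEM accepts a JSON array over HTTPS POST with a bearer token; SIEM_URL and SIEM_API_KEY are hypothetical environment variable names.

```python
# Added example, not the DataDog forwarder's code. Assumes CloudConnexa
# writes gzip-compressed, newline-delimited JSON files to S3 (adjust
# parse_records otherwise) and that the SIEM accepts a JSON array via HTTPS
# POST with a bearer token; SIEM_URL and SIEM_API_KEY are hypothetical names.
import gzip
import json
import os
import urllib.request

BATCH_SIZE = 500  # stay under typical SIEM per-request payload limits
# Constructed sample file (not real CloudConnexa output) for a local run.
SAMPLE_FILE = gzip.compress(b'{"event":"connect","user":"alice"}\n'
                            b'not json\n{"event":"disconnect","user":"alice"}\n')


def parse_records(body: bytes) -> list:
    """Decompress (if gzip) and turn each non-empty line into a dict."""
    if body[:2] == b"\x1f\x8b":  # gzip magic number
        body = gzip.decompress(body)
    records = []
    for line in filter(str.strip, body.decode("utf-8").splitlines()):
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            # Keep malformed lines visible instead of silently dropping them.
            records.append({"raw": line, "parse_error": True})
    return records


def batches(records: list, size: int = BATCH_SIZE):
    """Yield slices so no single request exceeds the SIEM's payload limit."""
    for i in range(0, len(records), size):
        yield records[i:i + size]


def send_batch(batch: list) -> int:
    """POST one batch; 4xx/5xx raise HTTPError so Lambda retries the event."""
    req = urllib.request.Request(
        os.environ["SIEM_URL"], data=json.dumps(batch).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + os.environ["SIEM_API_KEY"]})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def lambda_handler(event, context):
    """Entry point for an S3 ObjectCreated notification."""
    import boto3  # present in the Lambda runtime; imported lazily for tests
    s3 = boto3.client("s3")
    for rec in event["Records"]:
        obj = s3.get_object(Bucket=rec["s3"]["bucket"]["name"],
                            Key=rec["s3"]["object"]["key"])
        for batch in batches(parse_records(obj["Body"].read())):
            send_batch(batch)
```

Keep the SIEM API key out of the CloudFormation template (use an encrypted Lambda environment variable or a secrets store) and scope the function's IAM role to s3:GetObject on the log bucket only.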