➕Registration
Register the products from which you want to collect logs here.
Do you have a product you'd like to integrate? I'll create it for you! Please leave your suggestions here. On average, you'll receive a response within 1-2 days. Developing the related feature will take a minimum of 2 weeks to a maximum of 4 weeks.
Cloud Service Platform
AWS
To facilitate the integration of your AWS Cloud, you need to provide the following information:
Creating IAM Account For Teiren
This is a crucial step to ensure secure and appropriate access to your resources. When creating an IAM for TEIREN SIEM, it's important to assign the correct roles to your IAM account. These roles determine the permissions for the IAM account and ensure it can perform necessary operations within TEIREN SIEM. It is essential for the IAM account to have access to actions included in the Json below.
{
"Statement": [
{
"Action": [
"apigateway:GET",
"autoscaling:Describe*",
"backup:List*",
"budgets:ViewBudget",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codedeploy:List*",
"codedeploy:BatchGet*",
"directconnect:Describe*",
"dynamodb:List*",
"dynamodb:Describe*",
"ec2:Describe*",
"ec2:GetTransitGatewayPrefixListReferences",
"ec2:SearchTransitGatewayRoutes",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeTags",
"elasticfilesystem:DescribeAccessPoints",
"elasticloadbalancing:Describe*",
"elasticmapreduce:List*",
"elasticmapreduce:Describe*",
"es:ListTags",
"es:ListDomainNames",
"es:DescribeElasticsearchDomains",
"events:CreateEventBus",
"fsx:DescribeFileSystems",
"fsx:ListTagsForResource",
"health:DescribeEvents",
"health:DescribeEventDetails",
"health:DescribeAffectedEntities",
"kinesis:List*",
"kinesis:Describe*",
"lambda:GetPolicy",
"lambda:List*",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeSubscriptionFilters",
"logs:FilterLogEvents",
"logs:PutSubscriptionFilter",
"logs:TestMetricFilter",
"organizations:Describe*",
"organizations:List*",
"rds:Describe*",
"rds:List*",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"route53:List*",
"s3:GetBucketLogging",
"s3:GetBucketLocation",
"s3:GetBucketNotification",
"s3:GetBucketTagging",
"s3:ListAllMyBuckets",
"s3:PutBucketNotification",
"ses:Get*",
"sns:List*",
"sns:Publish",
"sqs:ListQueues",
"states:ListStateMachines",
"states:DescribeStateMachine",
"support:DescribeTrustedAdvisor*",
"support:RefreshTrustedAdvisorCheck",
"tag:GetResources",
"tag:GetTagKeys",
"tag:GetTagValues",
"xray:BatchGetTraces",
"xray:GetTraceSummaries"
],
"Effect": "Allow",
"Resource": "*"
}
]
}Please note, assigning the appropriate roles is a critical security measure. It ensures that your IAM account has the necessary access it needs, without exposing your resources to unnecessary risks.
Integrate AWS CloudTrail/CloudWatch ELB/CloudWatch DNS Logs
Please register the information for the AWS account to be integrated into Teiren SIEM. The descriptions for the fields are as follows:
Access Key
This is a unique identifier that is associated with an AWS Identity and Access Management (IAM) user. The access key is used to programmatically call AWS services. You can create, retrieve, or delete an access key for your AWS account from the IAM console. More details can be found at Click Here
Secret Key
This is a key that is used in conjunction with the Access Key to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and ensures the request is unaltered in transit. You can manage your secret keys the same way as access keys through the IAM console.
Region Name
AWS Cloud operates in multiple locations worldwide. These locations are composed of regions and Availability Zones. Each region is a separate geographic area with multiple, isolated locations known as Availability Zones. You can select your region from the AWS Management Console. More on AWS regions and zones can be found at Click Here
Log Group Name
A log group is a group of log streams that share the same retention, monitoring, and access control settings. You can assign a name to each log group. This can be done in the CloudWatch console, under the Log groups section. More on AWS CloudWatch logs can be found at Click Here
Confirm AWS Accout Information
Click the button above to verify if the AWS Account exists. If you encounter any issues with the integration, please leave an inquiry here.
Security Solution
Fortigate (Fortinet Firewall)
Enter the API KEY for Fortigate and click the [Confirm Fortigate Information] button to complete the integration.
Genians NAC
Enter the API KEY for Genians NAC and click the [Confirm Genians NAC Information] button to complete the integration.
Database
MSSQL
Enter the Server IP, Database Name, User ID, User Password, and Table Name for the MSSQL server in sequence, then click the [Confirm Fortigate Information] button to complete the integration.
SYSTEM
For system integration (Windows, Linux, etc.), an agent is provided to the user. Please download the respective file and install it.
Network Transmission
Enter the Protocol, Source IP, Destination Port, Log Tab in sequence, then click the [Confirm Network Transmission Information] button to complete the integration.
Last updated