Registration

Register the products from which you want to collect logs here.

Cloud Service Platform

AWS

To facilitate the integration of your AWS Cloud, you need to provide the following information:

  1. Creating IAM Account For Teiren

This is a crucial step to ensure secure and appropriate access to your resources. When creating an IAM account for TEIREN SIEM, it is important to assign the correct roles to that account. These roles determine the account's permissions and ensure it can perform the operations TEIREN SIEM requires. The IAM account must be allowed the actions listed in the JSON policy below.

{
  "Statement": [
    {
      "Action": [
        "apigateway:GET",
        "autoscaling:Describe*",
        "backup:List*",
        "budgets:ViewBudget",
        "cloudfront:GetDistributionConfig",
        "cloudfront:ListDistributions",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:LookupEvents",
        "cloudwatch:Describe*",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "codedeploy:List*",
        "codedeploy:BatchGet*",
        "directconnect:Describe*",
        "dynamodb:List*",
        "dynamodb:Describe*",
        "ec2:Describe*",
        "ec2:GetTransitGatewayPrefixListReferences",
        "ec2:SearchTransitGatewayRoutes",
        "ecs:Describe*",
        "ecs:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "elasticfilesystem:DescribeFileSystems",
        "elasticfilesystem:DescribeTags",
        "elasticfilesystem:DescribeAccessPoints",
        "elasticloadbalancing:Describe*",
        "elasticmapreduce:List*",
        "elasticmapreduce:Describe*",
        "es:ListTags",
        "es:ListDomainNames",
        "es:DescribeElasticsearchDomains",
        "events:CreateEventBus",
        "fsx:DescribeFileSystems",
        "fsx:ListTagsForResource",
        "health:DescribeEvents",
        "health:DescribeEventDetails",
        "health:DescribeAffectedEntities",
        "kinesis:List*",
        "kinesis:Describe*",
        "lambda:GetPolicy",
        "lambda:List*",
        "logs:DeleteSubscriptionFilter",
        "logs:DescribeLogGroups",
        "logs:DescribeLogStreams",
        "logs:DescribeSubscriptionFilters",
        "logs:FilterLogEvents",
        "logs:PutSubscriptionFilter",
        "logs:TestMetricFilter",
        "organizations:Describe*",
        "organizations:List*",
        "rds:Describe*",
        "rds:List*",
        "redshift:DescribeClusters",
        "redshift:DescribeLoggingStatus",
        "route53:List*",
        "s3:GetBucketLogging",
        "s3:GetBucketLocation",
        "s3:GetBucketNotification",
        "s3:GetBucketTagging",
        "s3:ListAllMyBuckets",
        "s3:PutBucketNotification",
        "ses:Get*",
        "sns:List*",
        "sns:Publish",
        "sqs:ListQueues",
        "states:ListStateMachines",
        "states:DescribeStateMachine",
        "support:DescribeTrustedAdvisor*",
        "support:RefreshTrustedAdvisorCheck",
        "tag:GetResources",
        "tag:GetTagKeys",
        "tag:GetTagValues",
        "xray:BatchGetTraces",
        "xray:GetTraceSummaries"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
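An added example (not Teiren's code) that checks which actions in a policy like the one above go beyond read-only access and whether they are granted on every resource. The embedded policy is a constructed excerpt of the policy above, and the read-only prefix list is a naming heuristic assumed here, not AWS's own access-level classification.

```python
import json

# Constructed sample: a subset of the actions from the policy above.
POLICY_JSON = """
{"Statement": [{
  "Effect": "Allow",
  "Resource": "*",
  "Action": [
    "apigateway:GET", "cloudtrail:LookupEvents", "ec2:Describe*",
    "events:CreateEventBus", "logs:DeleteSubscriptionFilter",
    "logs:FilterLogEvents", "logs:PutSubscriptionFilter",
    "s3:GetBucketLogging", "s3:PutBucketNotification",
    "sns:List*", "sns:Publish", "support:RefreshTrustedAdvisorCheck",
    "xray:BatchGetTraces"
  ]
}]}
"""

# Assumption: verb prefixes treated as read-only. This is a naming heuristic,
# not AWS's authoritative access-level classification.
READ_PREFIXES = ("get", "list", "describe", "batchget", "lookup",
                 "view", "search", "filter", "test")


def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy):
    """Return Allow-ed actions that are not read-only, with their scope."""
    findings = []
    statements = policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            verb = action.split(":", 1)[-1].lower()
            if verb == "*" or not verb.startswith(READ_PREFIXES):
                findings.append({"action": action,
                                 "wildcard_resource": "*" in resources})
    return findings


if __name__ == "__main__":
    for f in audit_policy(json.loads(POLICY_JSON)):
        scope = "Resource '*'" if f["wildcard_resource"] else "scoped"
        print(f"{f['action']:40} {scope}")
```

Running the same function over the full policy text shows which grants to review or scope to specific ARNs before attaching the policy.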

  2. Integrate AWS CloudTrail/CloudWatch ELB/CloudWatch DNS Logs

Integration with AWS

Please register the information for the AWS account to be integrated into Teiren SIEM. The descriptions for the fields are as follows:

| Field | Description |
| --- | --- |
| Access Key | A unique identifier associated with an AWS Identity and Access Management (IAM) user. The access key is used to call AWS services programmatically. You can create, retrieve, or delete an access key for your AWS account from the IAM console. |
| Secret Key | A key used in conjunction with the Access Key to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and ensures the request is unaltered in transit. You can manage your secret keys the same way as access keys, through the IAM console. |
| Region Name | AWS Cloud operates in multiple locations worldwide. These locations are composed of regions and Availability Zones. Each region is a separate geographic area with multiple, isolated locations known as Availability Zones. You can select your region from the AWS Management Console. |
| Log Group Name | A log group is a group of log streams that share the same retention, monitoring, and access control settings. You can assign a name to each log group. This can be done in the CloudWatch console, under the Log groups section. |

  3. Confirm AWS Account Information

Click the button above to verify if the AWS Account exists. If you encounter any issues with the integration, please leave an inquiry here.

Security Solution

Fortigate (Fortinet Firewall)

Enter the API KEY for Fortigate and click the [Confirm Fortigate Information] button to complete the integration.

Genians NAC

Enter the API KEY for Genians NAC and click the [Confirm Genians NAC Information] button to complete the integration.

Database

MSSQL

Enter the Server IP, Database Name, User ID, User Password, and Table Name for the MSSQL server in sequence, then click the [Confirm Fortigate Information] button to complete the integration.

SYSTEM

For system integration (Windows, Linux, etc.), an agent is provided to the user. Please download the respective file and install it.

Network Transmission

Enter the Protocol, Source IP, Destination Port, Log Tab in sequence, then click the [Confirm Network Transmission Information] button to complete the integration.
