Select Page

AWS Cloudwatch

Welcome Forums Integrations AWS Cloudwatch

Viewing 1 post (of 1 total)
  • Author
  • #2122
    Charles HerringCharles Herring

    – To integrate Cloudwatch with Precinct, we need to create Access Keys (see:
    – The Access Keys need the following permissions:
    o CloudTrailAgentServerPolicy
    o CloudWatchAgentServerPolicy
    – Plug the Access and Secret key into the WitFoo Precinct UI at Admin -> SOAR -> Amazon Web Services Cloudwatch -> Config, click Enable, then SaveĀ icon.

    As a quick overview, logging follows this workflow:
    – The AWS Network logs communications to Cloudwatch in Cloudtrail format. This is enabled by default.
    – Cloudwatch agents on servers send logs to Cloudwatch (see:
    o Be sure to note that if you enable new services (Apache, Mail, etc), the Cloudwatch configuration needs to be enabled for those services.
    – Precinct will make an API call to Cloudwatch using the integration above to ingest and analyze all of those records.

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.