
Creating a dataflow

Sending data to Hunters

Prerequisites

Logs and security-related data generated by AWS can be integrated into Hunters using an S3 source. To allow Hunters to access your S3 bucket, follow this tutorial.

Creating a Dataflow

Log in to the Hunters Portal, go to the "Data Flows" section in the left bar, and click the "Add Data Flows" button.

  1. In the Product box, select AWS
  2. In the Source box, select AWS S3
  3. Paste the Role ARN from the prerequisites section in the Hunters' "Add Data Flow" wizard.
  4. For each Data Type, fill in the appropriate File Prefix, File Format and S3 Bucket Name according to the table below.

     | Data Type       | File Prefix                                | File Format     |
     |-----------------|--------------------------------------------|-----------------|
     | CloudTrail      | AWSLogs/{account-id}/CloudTrail/           | AWS Format      |
     | Config Snapshot | AWSLogs/{account-id}/Config/               | AWS Format      |
     | VPC Flow Logs   | AWSLogs/{account-id}/vpcflowlogs/          | CSV with Header |
     | GuardDuty       | AWSLogs/{account-id}/GuardDuty/            | NDJSON          |
     | ELB Access Logs | AWSLogs/{account-id}/elasticloadbalancing/ | CSV with Header |
     | WAF             | <Depends on Firehose configuration>        | NDJSON          |

  5. Click the "Test Connection" button.

  6. After the test has passed, click the "Submit" button and the dataflow will be created.
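
Before clicking "Test Connection", it can help to confirm that the objects in the bucket really sit under the File Prefix values from the table. The following is an added example, not part of the Hunters documentation or product: it checks a list of S3 object keys against those prefixes and suggests a corrected prefix when the logs sit under a leading folder. The account ID, sample keys and function names are constructed for illustration, and it assumes File Prefix is matched as a literal, case-sensitive S3 key prefix.

```python
import re

# Prefix templates from the table above ({account-id} written as {account_id}).
# WAF is left out because its prefix depends on the Firehose configuration.
PREFIX_TEMPLATES = {
    "CloudTrail": "AWSLogs/{account_id}/CloudTrail/",
    "Config Snapshot": "AWSLogs/{account_id}/Config/",
    "VPC Flow Logs": "AWSLogs/{account_id}/vpcflowlogs/",
    "GuardDuty": "AWSLogs/{account_id}/GuardDuty/",
    "ELB Access Logs": "AWSLogs/{account_id}/elasticloadbalancing/",
}

def expected_prefixes(account_id):
    """Fill the account ID placeholder; AWS account IDs are 12 digits."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError(f"not a 12-digit AWS account ID: {account_id!r}")
    return {dt: t.format(account_id=account_id) for dt, t in PREFIX_TEMPLATES.items()}

def check_keys(account_id, keys):
    """Return (counts per data type, {unmatched key: suggested prefix or None}).
    Assumption: File Prefix is a literal, case-sensitive S3 key prefix."""
    prefixes = expected_prefixes(account_id)
    counts = {dt: 0 for dt in prefixes}
    problems = {}
    for key in keys:
        hit = next((dt for dt, p in prefixes.items() if key.startswith(p)), None)
        if hit:
            counts[hit] += 1
            continue
        # Expected prefix found deeper in the key: suggest the longer prefix.
        inner = next((p for p in prefixes.values() if p in key), None)
        problems[key] = key[: key.index(inner) + len(inner)] if inner else None
    return counts, problems

# Constructed sample listing (hypothetical account ID and object names).
SAMPLE_KEYS = [
    "AWSLogs/111122223333/CloudTrail/us-east-1/2024/05/01/trail-0001.json.gz",
    "AWSLogs/111122223333/vpcflowlogs/us-east-1/2024/05/01/flow-0001.log.gz",
    "security/AWSLogs/111122223333/GuardDuty/us-east-1/2024/05/01/gd-0001.jsonl.gz",
    "AWSLogs/111122223333/cloudtrail/us-east-1/2024/05/01/trail-0002.json.gz",
]

if __name__ == "__main__":
    counts, problems = check_keys("111122223333", SAMPLE_KEYS)
    for data_type, n in counts.items():
        print(f"{data_type:16} {n} object(s)")
    for key, fix in problems.items():
        print(f"UNMATCHED {key} -> {fix or 'no expected prefix found'}")
```

A data type with zero matching objects, or a key reported as unmatched, means the File Prefix entered in the wizard needs to be adjusted to the bucket's actual layout.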