Creating a dataflow
Sending data to Hunters
Logs and security-related data generated by AWS can be integrated into Hunters using an S3 source. To allow Hunters to access your S3 bucket, please follow this tutorial.
Creating a Dataflow
Log in to the Hunters Portal, go to the "Data Flows" section in the left bar, and click the "Add Data Flows" button.
- In the Product box, select AWS
- In the Source box, select AWS S3
- Paste the Role ARN from the prerequisites section into the Hunters "Add Data Flow" wizard.
- For each Data Type, fill in the appropriate File Prefix, File Format and S3 Bucket Name according to the table below.

| Data Type | File Prefix | File Format |
|---|---|---|
| CloudTrail | | AWS Format |
| Config Snapshot | | AWS Format |
| VPC Flow Logs | | CSV with Header |
| GuardDuty | | NDJSON |
| ELB Access Logs | | CSV with Header |
| WAF | | <Depends on Firehose configuration> |

- Click the "Test Connection" button.
- After the test has passed, click the "Submit" button and the dataflow will be created.