AWS

Send Halo Security events directly to AWS services for automated response and integration.

Last updated 16 days ago

Was this helpful?

AWS

Send Halo Security events directly to AWS services for automated response and integration.

This integration allows you to send events from Halo Security to AWS S3 buckets or SQS queues, enabling automated workflows and custom processing within your AWS infrastructure.

Connect Halo Security and AWS

If you haven't already connected Halo Security and AWS for discovery, follow the instructions below:

Add Policy Statements

To allow Halo Security to write event data to AWS, you'll need to add the following statements to your AWS Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            // Existing permissions
            ...
        },
        {
            // For S3
            "Sid": "HaloSecurityS3Write",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "[Your S3 ARN, eg. arn:aws:s3:::xxx-halo-events/*]"
        },
        {
            // For SQS
            "Sid": "HaloSecuritySQS",
            "Effect": "Allow",
            "Action": "sqs:SendMessage",
            "Resource": "[Your SQS ARN, eg. arn:aws:sqs:us-east-1:xxx:xxx-halo-events]"
        }
    ]
}

Create Profiles

Profiles determine how events are sent to AWS services. You can create multiple profiles to send different types of events to different AWS destinations.

To create a profile:

Navigate to your AWS integrations Profiles tab
Click the "+" icon to add a new profile
Configure the profile settings:
1. Name: The name for your AWS profile
2. Type: Select the AWS service type
  1. S3: Store events in an S3 bucket
  2. SQS: Send events to an SQS queue
3. For SQS profiles:
  1. Queue URL: The complete URL of your SQS queue (e.g., https://sqs.us-east-1.amazonaws.com/123456789012/my-queue)
  2. Region: The AWS region where your queue is located (e.g., us-east-1)
4. For S3 profiles:
  1. Bucket: The name of your S3 bucket (e.g., my-security-events)
  2. Path: The path where files will be stored (e.g., security-events/incoming/)
  3. Region: The AWS region where your bucket is located (e.g., us-east-1)
Click Save Changes

Create Event Rules

Learn more about configuring Event Rules at:

Use Cases

Trigger AWS Lambda functions in response to critical security events
Route events into DynamoDB for processing and reporting
Integrate security findings with existing AWS-based security information and event management (SIEM) systems
Create automated remediation workflows using AWS Step Functions
Feed security data into AWS Security Hub
Generate custom reports and dashboards using AWS QuickSight

PreviousSplunk NextVanta