Security Information and Event Management
The following document outlines how external SIEM solutions can integrate with the Skpr hosting platform.
Access Credentials
A member of the Skpr platform team will provide a set of credentials and AWS resource names so external security teams can integrate with the solutions below.
Log Types
CloudTrail
Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
External SIEM integrations are provided with all the CloudTrail events relating to their developer accounts.
Entrypoint for SIEM integration
Service | Format |
---|---|
SQS | Queue item in the format of an S3 put notification |
S3 | Objects are stored as compressed JSON (gzip) |
CloudFront
CloudFront aggregates all access logs into AWS S3 for long-term archival.
Entrypoint for SIEM integration
Service | Format |
---|---|
SQS | Queue item in the format of an S3 put notification wrapped in the SNS format |
S3 | Objects are stored as compressed JSON (gzip) |
Application
Applications should log all events to stdout.
These logs will then be collected by our logging solution and stored in both CloudWatch and S3.
Entrypoint for SIEM integration
Service | Format |
---|---|
SQS | Queue item in the format of an S3 put notification |
S3 | Objects are stored as compressed JSON (gzip) |
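
The two queue item formats listed above (a bare S3 put notification, and the same notification wrapped in the SNS format) can be handled by one consumer routine. The following is an added example, not Skpr's own code: the function names, bucket name, object key and sample messages are constructed, and it assumes each object holds either one JSON document or newline-delimited JSON. Receiving from SQS and downloading from S3 are left to the AWS SDK.

```python
import gzip
import json
from urllib.parse import unquote_plus


def s3_objects_from_sqs_body(body: str) -> list[tuple[str, str]]:
    """Return (bucket, key) pairs from one SQS body, bare or SNS-wrapped."""
    doc = json.loads(body)
    # SNS delivery to SQS (without raw message delivery) carries the original
    # payload as a JSON string in the "Message" field of the envelope.
    if doc.get("Type") == "Notification" and "Message" in doc:
        doc = json.loads(doc["Message"])
    found = []
    # s3:TestEvent messages have no "Records" key, so they yield nothing.
    for record in doc.get("Records", []):
        if not record.get("eventName", "").startswith("ObjectCreated:"):
            continue
        s3 = record["s3"]
        # Object keys in S3 notifications are URL-encoded ("+" for space).
        found.append((s3["bucket"]["name"], unquote_plus(s3["object"]["key"])))
    return found


def decode_log_object(blob: bytes) -> list[dict]:
    """Gunzip an object and parse it as one JSON document or as NDJSON."""
    # Assumption: the page only states "compressed JSON (gzip)".
    text = gzip.decompress(blob).decode("utf-8")
    try:
        return [json.loads(text)]
    except json.JSONDecodeError:
        return [json.loads(line) for line in text.splitlines() if line.strip()]


# Constructed sample inputs (bucket and key names are placeholders).
S3_EVENT = {"Records": [{"eventName": "ObjectCreated:Put", "s3": {
    "bucket": {"name": "example-log-bucket"},
    "object": {"key": "logs/2024/01/01/file+one%3A1.json.gz"}}}]}
DIRECT_BODY = json.dumps(S3_EVENT)
SNS_BODY = json.dumps({"Type": "Notification", "Message": json.dumps(S3_EVENT)})
SAMPLE_OBJECT = gzip.compress(b'{"event": "a"}\n{"event": "b"}\n')

if __name__ == "__main__":
    for body in (DIRECT_BODY, SNS_BODY):
        print(s3_objects_from_sqs_body(body))
    print(decode_log_object(SAMPLE_OBJECT))
```

Skipping the URL-decoding step is a common cause of "NoSuchKey" errors in log collectors, since the key in the notification differs from the stored key whenever it contains spaces or reserved characters.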