AWS CloudTrail integration script
To integrate AWS CloudTrail logs with Sophos Central, you download a customized script and run it using AWS CLI or AWS CloudShell.
The script uses the following variables.
| Variable | Description | Notes |
|---|---|---|
| | Access token used to add or delete requests. | Randomly generated for customer. |
| | Access token used to send data. | Randomly generated for customer. |
| | External ID for trust relationship between Sophos AWS account and | Randomly generated for customer. |
| | Specifies whether customer is using AWS Organizations or an ordinary account. | |
| | How long data in CloudTrail S3 bucket is kept. | Default is 365 days. |
| | Default region for creation and use of AWS resources. | Variable only used if you don't select a region. |
| | URL of data collector. Data from the customer's environment is pushed to this location. | |
| | Use existing trail bucket setup or create a new one. | Variable only used if option selected. It is then set to |
| | Name of S3 bucket if an existing setup is used. | Variable only used if |
| | Name of S3 bucket folder if an existing setup is used. | Variable only used if |
| | Name of SNS topic if an existing setup is used. | Variable only used if |
| | Account ID of Sophos account that reads the CloudTrail S3 bucket. Used to set up trust relationship. | Value created by Sophos. |
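
The external ID and Sophos account ID in the table are the two values that pin the trust relationship, so they are worth checking once the script has run. The following is an added example, not part of the Sophos script: it audits a role trust policy document for both values. It assumes the trust relationship is an IAM role trust policy that allows `sts:AssumeRole`; the account ID, external ID and sample policies are constructed placeholders.

```python
import json

# Constructed placeholders, not real Sophos or customer identifiers.
SOPHOS_ACCOUNT_ID = "111111111111"
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare account ID or an ARN such as arn:aws:iam::<account>:root.
    parts = principal.split(":")
    return parts[4] if principal.startswith("arn:") and len(parts) > 4 else principal

def audit_trust_policy(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") != "Allow" or not any(
                a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # handles "Principal": "*"
            principal = {"AWS": principal}
        for kind, values in principal.items():
            for p in _as_list(values):
                if kind != "AWS" or _account_of(p) != account_id:
                    findings.append(f"statement {i}: unexpected principal {kind}:{p}")
        # Condition keys are case-insensitive in IAM, so normalise before lookup.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        seen = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if seen is None:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif _as_list(seen) != [external_id]:
            findings.append(f"statement {i}: external ID does not match")
    return findings

def _policy(principal, condition):
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": principal}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

# Constructed sample policies.
GOOD = _policy({"AWS": f"arn:aws:iam::{SOPHOS_ACCOUNT_ID}:root"},
               {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = _policy({"AWS": f"arn:aws:iam::{SOPHOS_ACCOUNT_ID}:root"}, None)
WILDCARD = _policy("*", {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})

if __name__ == "__main__":
    for name, pol in [("good", GOOD), ("no external id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, json.dumps(audit_trust_policy(pol, SOPHOS_ACCOUNT_ID, EXTERNAL_ID)))
```

To check a deployed role, pass the `AssumeRolePolicyDocument` returned by `aws iam get-role` as `policy`, with the account ID and external ID taken from your downloaded script.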