Hi,
I want to ingest S3 bucket logs using BindPlane. Is it possible to do this without an agent, using only a configuration that specifies the source and destination? If so, how can I handle authentication on the AWS S3 side?
If it's not possible to do it without an agent:
When using an agent to ingest S3 logs, do I need to create an IAM user with the necessary permissions and store the credentials in the agent for authentication?
Hi!
Bindplane has the following documentation to ingest from an S3 bucket: https://bindplane.com/docs/resources/sources/aws-s3-event
You will need to create an SQS queue.
Google SecOps already supports this natively; you can configure either an SQS or S3 feed directly in the feeds UI:
https://cloud.google.com/chronicle/docs/administration/feed-management#add-new-feed
Hi! @amithpatil
I'd like to use BindPlane to filter the logs. In order to do that, is there any solution?
@yasinmnk you can use Amazon Firehose along with Lambda functions if you want to filter the logs before sending them to SecOps [1].
If you want to use Bindplane, you'll need to filter the logs via a processor [2] and add it between the source and destination.
[1] https://cloud.google.com/chronicle/docs/administration/feed-management#setup-aws-firehose
[2] https://bindplane.com/docs/resources/processors/filter-by-regex