Bring your own bucket for Log Management

Bring your own AWS bucket to Radiant Security and manage your logs using the new Log Management feature.

In this guide, you will query raw data using Radiant’s log management and search features. You'll choose between two storage options: using Radiant-hosted logs or configuring your own external bucket.

Once a configuration is chosen, it can no longer be updated. If it needs to be updated, all the data ingested up to that point will be dropped, as we will manually reset the configuration and start fresh. For example, POC customers who start with Radiant-hosted logs will have that data deleted once they switch to bringing their own bucket. We can backfill data by re-ingesting from the tenant’s connectors, but it will require extra time.

Requirements

All you need is an AWS account. There are two things you must do to enable this configuration in AWS:

    • Create an S3 bucket in AWS

    • Add a bucket policy

After this has been completed, you’ll add your bucket configuration in Radiant Security. Before saving the configuration, we’ll check if the bucket is in the us-west-2 region and verify that we have correct permissions. If these verification steps pass, we allow the bucket to be saved. Otherwise, you’ll see an error letting you know that your bucket is not set up correctly. Once the bucket configuration is saved, your log data will immediately start being ingested.

Create an S3 bucket in AWS

  1. Sign in to your AWS Management Console.

  2. Then, navigate to the S3 Service by typing S3 in the search bar. Click S3 to open the S3 dashboard.

  3. Click the Create bucket button and configure the following:

    • Bucket name: Enter a unique bucket name (e.g., my-unique-bucket-name-us-west-2).

    • Region: Choose US West (Oregon) – us-west-2 from the region drop-down menu.

  4. To configure Default encryption, under Encryption type, select Server-side encryption with Amazon S3 managed keys (SSE-S3). Leave Bucket Key as Disabled.

  5. Scroll to the bottom of the page and click Create bucket.

Add a bucket policy

  1. From the S3 dashboard, click on the bucket name you just created.

  2. Go to the Permissions tab within the bucket's dashboard.

  3. Add a bucket policy to allow our cross-account role (configured as Principal in the JSON below) to manage the bucket.

    • Scroll down to the Bucket policy section and click Edit.

    • In the JSON below, replace the <s3_bucket_name> with the bucket name you created in the Create an S3 Bucket in AWS section.

    • Copy and paste the bucket policy in the text editor.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RadiantSecurityIngestionFullAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::649384204969:role/radiant_security_ingestion_role"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<s3_bucket_name>",
        "arn:aws:s3:::<s3_bucket_name>/*"
      ]
    },
    {
      "Sid": "RadiantSecurityBYOBBackfillAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::649384204969:role/logmanagement-customers-split-files-backfill-sa-role"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::<s3_bucket_name>",
        "arn:aws:s3:::<s3_bucket_name>/*"
      ]
    }
  ]
}

  4. Click Save changes to apply the policy.
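
A pre-flight check you can run on the edited policy before pasting it into the console, as an added example that is not part of Radiant Security's documentation. It confirms the placeholder was replaced, that Allow statements name only the two role ARNs from the policy above, and that resources cover only your bucket; the function name check_policy and the sample input are assumptions made for illustration.

```python
import json

# The two role ARNs are copied from the bucket policy on this page.
EXPECTED_PRINCIPALS = {
    "arn:aws:iam::649384204969:role/radiant_security_ingestion_role",
    "arn:aws:iam::649384204969:role/logmanagement-customers-split-files-backfill-sa-role",
}

def _as_list(value):
    """IAM policy JSON allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def check_policy(policy_text, bucket):
    """Return a list of problems; an empty list means the policy matches the guide."""
    if "<s3_bucket_name>" in policy_text:
        return ["placeholder <s3_bucket_name> was not replaced"]
    try:
        statements = _as_list(json.loads(policy_text)["Statement"])
    except (ValueError, KeyError, TypeError) as exc:
        return [f"policy could not be parsed: {exc!r}"]
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    problems, granted = [], set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements can widen access
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        arns = set(_as_list(principal.get("AWS", []))) if isinstance(principal, dict) else {principal}
        resources = set(_as_list(stmt.get("Resource", [])))
        problems += [f"{sid}: unexpected principal {a}" for a in sorted(arns - EXPECTED_PRINCIPALS)]
        problems += [f"{sid}: resource is not this bucket: {r}" for r in sorted(resources - wanted)]
        if wanted <= resources:
            granted |= arns & EXPECTED_PRINCIPALS
    problems += [f"no statement covers bucket and objects for {a}" for a in sorted(EXPECTED_PRINCIPALS - granted)]
    return problems

if __name__ == "__main__":
    bucket = "my-unique-bucket-name-us-west-2"  # example name used in this guide
    resources = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    # Constructed sample: the guide's policy with one statement widened to Principal "*".
    sample = {"Version": "2012-10-17", "Statement": [
        {"Sid": "RadiantSecurityIngestionFullAccess", "Effect": "Allow",
         "Principal": {"AWS": sorted(EXPECTED_PRINCIPALS)[1]}, "Action": "s3:*", "Resource": resources},
        {"Sid": "RadiantSecurityBYOBBackfillAccess", "Effect": "Allow",
         "Principal": "*", "Action": "s3:*", "Resource": resources}]}
    for line in check_policy(json.dumps(sample), bucket) or ["policy matches the guide"]:
        print(line)
```

Because the policy grants s3:* to both roles, any principal or resource this check flags would receive full control of the log bucket.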

Configure Log Management in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Log Management.

  3. From Log Management, click + Add Credentials.

  4. In the side menu, paste the bucket name (not ARN) that you created in the Create an S3 Bucket in AWS section.

  5. Click Add credentials to save the bucket configuration.

Note: Before saving the configuration, Radiant Security checks whether you have the correct permissions and that the bucket is in the us-west-2 region. If these verification steps pass, we allow the bucket to be saved. Otherwise, you will see an error highlighting the incorrect configuration.
