Welcome to Support Portal

TABLE OF CONTENTS

• Introduction
• Configuring the destination
• Configuring the integration to the destination
• Best practice to integrate other SIEM solutions

Introduction

Aqua can send alerts to AWS SNS endpoints.

This setup requires you to alter the IAM permissions of the cross account role created for Aqua.

You may incur charges through your AWS account for the use of SNS. These charges are independent of Aqua and are pursuant to your AWS rates. To read more, see AWS pricing for SNS.

Configuring this integration requires setup in both systems.

Configuring the destination

Prepare your AWS account to receive alerts from Aqua by performing the following steps.

1. Log into your AWS account and open the SNS Dashboard.
2. Click Topics and Create new topic.

3. Give it a name and description of your choosing.

4. Create the topic and then copy its ARN (e.g "arn:aws:sns:us-east-1:0123456789:cloudsploit-sns").

5. Click on the topic, then click the "Other topic actions" dropdown and select "Edit topic policy".

6. Under Allow these users to publish messages to this topic, enter Aqua's account number next to Only these AWS users.

   • 057012691312

7. Subscribe to your SNS topic with your desired format/transport.

Configuring the integration to the destination

Configure Aqua to send alerts to SNS.

1. Log in to the Aqua console.
2. On the menu on the left, click Integrations.
3. Click Create Integrations button.
4. In the Create New Integration box, enter values for the following fields:
   • Name (of the integration)
   • Integration type, choose one:
     • AWS SNS
   • SNS ARN, which was created in the previous set of steps.
5. Click the "Create Integration" button.

The integration is now available for use.

Best practice to integrate other SIEM solutions

Integrate SIEM solutions by setting up Aqua CSPM to send notifications to AWS SNS. This allows AWS native integrations between SNS and other services like Lambda rather than these services reading data directly from CSPM APIs. 

1. Aqua CSPM sends scan and alerts notifications to AWS SNS.
2. From SNS, the customers can route their requests to services such as AWS Lambda, SQS, and other supported destinations.

SNS is flexible and allows the customers to route the requests to any of the destinations they desire.