1. Go to Agent Management > Credential Management
2. Select 'Add AWS Key'
3. Enter the requested information
   - Group
   - Key-Id
   - Secret-key
   - Region
4. Click 'Save' to apply
5. Go to Integrations > AWS CloudTrail and select 'on'
6. Enter the settings requested
   - S3 bucket name
   - AWS Credential group
7. Click update
Troubleshooting
If you do not see any relevant logs coming into your events, follow these steps first:
1. In the UI go to Administration > Rule Management > rules search
2. In the (rule id) box, search for 80200
3. In rule settings, change the level to '1' and then select update
Return to reporting > events search and look for event 80200. If you do not see any events recorded after 5 minutes, proceed to the next steps:
1. Go to Hub Configuration > Hub Configuration > Host Intrusion Detection System > Enable Full Log retention
2. Set this option to 'yes' and then click save changes
3. Leave this setting in place for 1-5 minutes, then change it back to 'no' and click 'save changes'
4. In the CLI for the hub, go to /var/ossec/logs/archives
5. You should see an archives.log. Please send a copy of this log to support@atomicorp.com so we can review it and work with you on a resolution.