...
An S3 bucket is created. Refer to the following page to create an S3 bucket: https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-bucket.html
A KMS key is created. Refer to the following page to create a KMS key: https://docs.aws.amazon.com/kms/latest/developerguide/asymm-create-keykeys.html
GuardDuty encrypts the findings data in your bucket by using an AWS KMS key. GuardDuty should have permission to access the KMS key.
Refer to the following page to grant KMS key permission to GuardDuty: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html
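One way to check the KMS key permission described above before enabling export. This is an added example, not code from this guide or from AWS. It assumes the grant is a key policy statement allowing the `guardduty.amazonaws.com` service principal to call `kms:GenerateDataKey`, scoped with `aws:SourceAccount` and `aws:SourceArn` conditions; the function name, sample policies, account ID and resource IDs are constructed placeholders.

```python
# Added example: offline audit of a KMS key policy for the GuardDuty export grant.
GUARDDUTY = "guardduty.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_key_policy(policy):
    """Return a list of findings; an empty list means the grant is present and scoped."""
    grants = []
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if (st.get("Effect") == "Allow" and GUARDDUTY in services
                and {"kms:generatedatakey", "kms:*"} & set(actions)):
            grants.append((st, actions))
    if not grants:
        return ["no Allow statement lets guardduty.amazonaws.com call kms:GenerateDataKey"]
    findings = []
    for st, actions in grants:
        sid = st.get("Sid", "<no Sid>")
        if set(actions) != {"kms:generatedatakey"}:
            findings.append(f"{sid}: grants GuardDuty more than kms:GenerateDataKey")
        # Without these conditions the service principal is not tied to your own detector.
        cond = {k.lower() for k in st.get("Condition", {}).get("StringEquals", {})}
        for key in ("aws:SourceAccount", "aws:SourceArn"):
            if key.lower() not in cond:
                findings.append(f"{sid}: missing {key} condition")
    return findings

# Constructed sample policies; account ID, region, key and detector IDs are placeholders.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowGuardDutyKey", "Effect": "Allow",
    "Principal": {"Service": GUARDDUTY},
    "Action": "kms:GenerateDataKey",
    "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
    "Condition": {"StringEquals": {
        "aws:SourceAccount": "111122223333",
        "aws:SourceArn": "arn:aws:guardduty:us-east-1:111122223333:detector/EXAMPLE-DETECTOR-ID"}}}]}

UNSCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "GuardDutyLoose", "Effect": "Allow",
    "Principal": {"Service": GUARDDUTY},
    "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("SCOPED", SCOPED), ("UNSCOPED", UNSCOPED)):
        print(name, audit_key_policy(pol) or "OK")
```

To audit a real key, pass the parsed JSON of its key policy to `audit_key_policy`.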
...
d. Select KMS encryption and select Key alias.
e. Click Save.
...
If you would like to use SQS, follow the steps below to attach SQS to S3:
Follow all steps provided above to store logs in the S3 bucket.
Create an SQS queue and attach it to S3. Refer to Configuring AWS Simple Queue Service (SQS) with S3 Storage.
...
https://docs.aws.amazon.com/general/latest/gr/sqs-service.html
Integration Parameters
S3
...
Property | Default Value | Description |
---|---|---|
REGION | N/A | Select the region of your S3 bucket |
S3 URI | N/A | The S3 URI to ingest. (It will be a combination of S3 bucket name and prefix. Example: S3://<S3 bucket name>/<prefix>) |
URI IS A | N/A | The type of file indicated by the URI. Valid values are: FILES: The URI points to a single file which will be ingested with each execution of the feed. FOLDERS: The URI points to a directory. All files contained within the directory will be ingested with each execution of the feed. FOLDERS_RECURSIVE: The URI points to a directory. All files and directories contained within the indicated directory will be ingested, including all files and directories within those directories, and so on. |
SOURCE DELETION OPTION | N/A | Whether to delete source files after they have been transferred to Chronicle. This reduces storage costs. Valid values are: SOURCE_DELETION_NEVER: Never delete files from the source. SOURCE_DELETION_ON_SUCCESS: Delete files and empty directories from the source after successful ingestion. |
...
SQS
Property | Default Value | Description |
---|---|---|
REGION | N/A | Select the region of your S3 bucket |
QUEUE NAME | N/A | The SQS queue name. |
ACCOUNT NUMBER | N/A | The account number for the SQS queue and S3 bucket. |
QUEUE ACCESS KEY ID | N/A | This is the 20 character ID associated with your Amazon IAM account. |
QUEUE SECRET ACCESS KEY | N/A | This is the 40 character access key associated with your Amazon IAM account. |
SOURCE DELETION OPTION | N/A | Whether to delete source files after they have been transferred to Chronicle. This reduces storage costs. Valid values are: |
...