Accenture MDR Quick Start Guide for Alibaba Cloud Firewall

This quick start guide will help Accenture MDR customers configure Alibaba Cloud Firewall to allow log collection from the Log Collection Platform (LCP).

The document includes the following topics:

  • Supported Versions

  • Port Requirements

  • Configuring Alibaba Cloud Firewall

  • LCP Configuration Parameters

  • Legal Notice

Supported Versions

A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx), which can be found in the Accenture MDR Portal.

Port Requirements

Table 1-1: Port requirements for LCP communication.

  Source   Destination             Port      Description
  LCP      Alibaba Cloud Firewall  TCP/443   Default Port

Configuring Alibaba Cloud Firewall

Prerequisite: device configuration for log collection.

Follow the steps below to enable log collection on the firewall:

  1. Log on to the Cloud Firewall console.

  2. In the left-side navigation pane, choose Log Analysis > Log Analysis.

  3. In the upper-right corner of the Log Analysis page, turn on internet_log.

The log collection feature of Cloud Firewall is now enabled. All Cloud Firewall traffic logs are automatically imported into a dedicated Logstore.

For the sensor configuration, we need the endpoint, project and logstore details. Follow the steps below to get the project details:

  1. Log on to the Simple Log Service console.

  2. In the Projects section, you will find a project named in the format cloudfirewall-project-<Alibaba_Cloud_account_ID>-<region>.

  3. Copy and share the project name.

Note: The standard logstore name for Cloud Firewall is cloudfirewall-logstore. If your logstore name is different from this, share it with MxDR.

Follow the steps below to get the endpoint:

An endpoint is a region-specific URL that you can use to access Simple Log Service. Simple Log Service provides endpoints for different network types, such as the Internet or an Alibaba Cloud internal network.

  1. In the Projects section, click the name of the project that you want to manage.

  2. On the Project Overview page of the project, view the endpoints for the region where the project resides.

Refer to the following document for more endpoint details:

Endpoints - Log Service - Alibaba Cloud Documentation Center

We also need the API AccessKey ID and AccessKey secret for the RAM user. Follow the steps below:

  1. Log on to the RAM console using your Alibaba Cloud account.

  2. In the left-side navigation pane, click Users. On the displayed page, click the target user name to open the user details page.

  3. In the User Access Key area, click Create Access Key.

  4. After completing the phone verification, on the Create User Access Key page, expand Access Key Details to view the AccessKeyId and AccessKeySecret. Click Save Access Key Information.

  5. Click Authorize on the right of the RAM user to grant permissions.

Permissions required:

  • AliyunLogReadOnlyAccess

Note: After the AccessKey is created, it cannot be viewed again in the console. Copy the AccessKey at creation time and keep it confidential.

LCP Configuration Parameters

Table 1-2: The Alibaba Cloud Firewall event collector (API - 5075) properties to be configured by MDR are shown in the table.

  Property           Default Value           Description
  Customer Name      <Custom Value>          Customer name mentioned in the Pre-Installation Questionnaire (PIQ).
  Endpoint           <Custom Value>          Endpoint details mentioned in the Pre-Installation Questionnaire (PIQ).
  Access Key ID      <Custom Value>          Access Key ID mentioned in the Pre-Installation Questionnaire (PIQ).
  Access Key Secret  <Custom Value>          Access Key Secret mentioned in the Pre-Installation Questionnaire (PIQ).
  Project            <Custom Value>          Project name shared by the customer.
  Log Store          cloudfirewall-logstore  If the logstore name is different from this, modify the default value.
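The project name, endpoint, AccessKey and logstore gathered in the steps above all end up in the collector properties of Table 1-2, and an inconsistency between them (most often an endpoint from a different region than the one encoded in the project name, or a placeholder left in a field) is a common reason a collector pulls no logs. The Python script below is an added example, not part of this guide or of Accenture's LCP software: it checks a set of PIQ values offline against the formats this guide documents before they are handed over. The endpoint pattern (<region>.log.aliyuncs.com for the Internet, <region>-intranet.log.aliyuncs.com for the internal network) and the sample values are assumptions constructed for the example; no real account, key or network call is involved, and the secret is masked in any output.

```python
"""Offline consistency check for Alibaba Cloud Firewall collector values (added example)."""
import re

DEFAULT_LOGSTORE = "cloudfirewall-logstore"   # standard logstore name from the guide
PLACEHOLDER = "<Custom Value>"                # table placeholder that must not reach the collector

# Project name format documented in the guide:
#   cloudfirewall-project-<Alibaba_Cloud_account_ID>-<region>
PROJECT_RE = re.compile(r"^cloudfirewall-project-(?P<account_id>\d+)-(?P<region>[a-z][a-z0-9-]*)$")

# ASSUMPTION: Simple Log Service endpoints follow the public naming pattern
#   <region>.log.aliyuncs.com            (Internet)
#   <region>-intranet.log.aliyuncs.com   (Alibaba Cloud internal network)
ENDPOINT_RE = re.compile(r"^(?P<region>[a-z][a-z0-9-]*?)(?P<intranet>-intranet)?\.log\.aliyuncs\.com$")

# Constructed sample of PIQ values: not a real account, key or customer.
SAMPLE_PIQ = {
    "customer_name": "Example Corp",
    "endpoint": "cn-hangzhou.log.aliyuncs.com",
    "access_key_id": "LTAI_EXAMPLE_KEY_ID",
    "access_key_secret": "EXAMPLE_SECRET_DO_NOT_USE",
    "project": "cloudfirewall-project-1234567890123456-cn-hangzhou",
    "log_store": "cloudfirewall-logstore",
}

REQUIRED_KEYS = ("customer_name", "endpoint", "access_key_id", "access_key_secret", "project", "log_store")


def parse_project(name):
    """Return (account_id, region) from a Cloud Firewall project name, or raise ValueError."""
    m = PROJECT_RE.match(name.strip())
    if not m:
        raise ValueError(f"does not match cloudfirewall-project-<account_ID>-<region>: {name!r}")
    return m.group("account_id"), m.group("region")


def parse_endpoint(endpoint):
    """Return (region, is_intranet) from an SLS endpoint; a scheme and trailing slash are tolerated."""
    host = re.sub(r"^https?://", "", endpoint.strip()).rstrip("/")
    m = ENDPOINT_RE.match(host)
    if not m:
        raise ValueError(f"not a recognised Simple Log Service endpoint: {endpoint!r}")
    return m.group("region"), m.group("intranet") is not None


def mask_secret(secret):
    """Render a secret for tickets or logs without exposing it; only the last 4 characters survive."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return "*" * (len(secret) - 4) + secret[-4:]


def validate_piq(piq):
    """Return a list of findings; an empty list means the values are consistent with the guide."""
    findings = []
    # 1. Every property must be filled in and must not still carry the table placeholder.
    for key in REQUIRED_KEYS:
        value = piq.get(key, "")
        if not value or value.strip() == PLACEHOLDER:
            findings.append(f"{key}: missing or still set to placeholder {PLACEHOLDER}")
    if findings:
        return findings  # the remaining checks need real values

    # 2. The project name encodes the region in which the logstore resides.
    try:
        _, project_region = parse_project(piq["project"])
    except ValueError as exc:
        findings.append(f"project: {exc}")
        project_region = None

    # 3. The endpoint must belong to the same region as the project (see the Project Overview page).
    try:
        endpoint_region, intranet = parse_endpoint(piq["endpoint"])
    except ValueError as exc:
        findings.append(f"endpoint: {exc}")
        endpoint_region, intranet = None, False

    if project_region and endpoint_region and project_region != endpoint_region:
        findings.append(f"region mismatch: project is in {project_region} but endpoint is for {endpoint_region}")
    if intranet:
        findings.append("endpoint: internal-network endpoint given; confirm the LCP can reach it, "
                        "otherwise use the Internet endpoint for the region")

    # 4. A non-default logstore is legitimate but must be carried into the collector default value.
    if piq["log_store"] != DEFAULT_LOGSTORE:
        findings.append(f"log_store: {piq['log_store']!r} differs from {DEFAULT_LOGSTORE!r}; update the collector default")
    return findings


def collector_properties(piq):
    """Map PIQ values onto the Table 1-2 property names, with the secret masked for hand-over notes."""
    return {
        "Customer Name": piq["customer_name"],
        "Endpoint": piq["endpoint"],
        "Access Key ID": piq["access_key_id"],
        "Access Key Secret": mask_secret(piq["access_key_secret"]),
        "Project": piq["project"],
        "Log Store": piq["log_store"],
    }


if __name__ == "__main__":
    problems = validate_piq(SAMPLE_PIQ)
    print("OK" if not problems else "\n".join(problems))
    for prop, value in collector_properties(SAMPLE_PIQ).items():
        print(f"{prop:18} {value}")
```

Run it against the values collected from the customer before they are entered into the collector; any finding points at the step of this guide that needs to be repeated (project name, endpoint, or logstore). The secret is never printed in full, so the output can be pasted into a ticket.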

Legal Notice

Copyright © 2021 Accenture. All rights reserved.

Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.