Trend Micro Cloud One™

Real-Time Threat Monitoring settings

Location

Main Dashboard > Select {Account} > Settings > Real-time monitoring settings > Update real-time settings

The Real-Time Threat Monitoring (RTM) settings allow you to install or update what is monitored live in Cloud Conformity. Once this stack has been created or modified, any event in the AWS account will be registered on the RTM event dashboard. We provide both PowerShell and Bash scripts to set up the monitoring dashboard.

User Access

Real-Time Threat Monitoring Setup Requirements

On Linux you can install through the installer script. The script will download and install the latest version of Cloud Conformity Threat Monitoring on your AWS account.

  • Ensure CloudTrail is enabled. For details, see: CloudTrail Enabled
  • Install the latest (or 2.0.53 and later) AWS Command Line Interface version 2. For details, see: Installing the AWS CLI
  • Export your Access Key and Secret Access Key. For details, see: Configuring the AWS CLI


    export AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY_ID

    export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY

The keys used must belong to a user with access to:

  1. AWS CloudFormation
  2. AWS IAM Role
  3. AWS Lambda Function
  4. AWS Events Rule
  5. AWS Lambda Permission

  • Or switch your AWS profile


    export AWS_PROFILE=your-account-profile

Real-Time Threat Monitoring Setup

  1. To create or update Cloud Conformity Threat Monitoring, open a command prompt, copy the command line generated specifically for you, and run it in your command-line interface.
  2. After the installation finishes, open the CloudFormation console (https://console.aws.amazon.com/cloudformation) and verify that the status of the CloudConformityMonitoring stack is CREATE_COMPLETE, or UPDATE_COMPLETE when updating.
    The stack creation might take a while to complete.
  3. The above stack creates a series of CloudWatch Event Rules that monitor changes within your AWS account and send them to Conformity to ingest and process. You can view updates on Cloud Conformity in near real-time on the Real-time monitoring dashboard of your Conformity account.
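
The checks implied by the requirements list and by step 2 above, as an added example that is not part of Conformity's installer or of the original page: it confirms the AWS CLI version and the active credentials before the install, and afterwards accepts only the two stack states the page names. The function names are hypothetical; the stack name, version floor and statuses are taken from the page.

```bash
#!/usr/bin/env bash
# Added example, not Conformity's installer. Function names are hypothetical;
# the stack name, CLI version floor and statuses are the ones this page gives.
STACK_NAME="CloudConformityMonitoring"
MIN_CLI="2.0.53"

# Pull "X.Y.Z" out of `aws --version`, e.g. "aws-cli/2.15.30 Python/3.11.8 ...".
cli_version() {
  aws --version 2>&1 | sed -n 's#^aws-cli/\([0-9][0-9.]*\).*#\1#p'
}

# Succeed when dotted version $1 >= $2, compared numerically field by field
# (a plain string compare would rank 2.0.9 above 2.0.53).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Before installing: CLI new enough, and the exported keys or AWS_PROFILE
# resolve to an identity (its ARN is printed so you can confirm the account).
preflight() {
  v="$(cli_version)"
  if [ -z "$v" ] || ! version_ge "$v" "$MIN_CLI"; then
    echo "AWS CLI >= $MIN_CLI required (found: ${v:-none})" >&2
    return 1
  fi
  aws sts get-caller-identity --query Arn --output text
}

# Current stack status; fails if the stack is missing or access is denied.
stack_status() {
  aws cloudformation describe-stacks --stack-name "$STACK_NAME" \
    --query 'Stacks[0].StackStatus' --output text
}

# After installing: exact match only, so UPDATE_ROLLBACK_COMPLETE is rejected.
stack_ready() {
  case "$(stack_status 2>/dev/null)" in
    CREATE_COMPLETE|UPDATE_COMPLETE) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: ./rtm_check.sh preflight   or   ./rtm_check.sh verify
case "${1:-}" in
  preflight) preflight ;;
  verify) stack_ready && echo "$STACK_NAME ready" || { echo "$STACK_NAME not ready" >&2; exit 1; } ;;
esac
```
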

  • You can re-run the same command to update your stack to get the latest updates from Conformity.
  • To delete Conformity Threat Monitoring from your account, open a command prompt or shell and run the following command.

    curl -L https://s3-us-west-2.amazonaws.com/cloudconformity/monitoring/uninstall.sh | bash

Set up RTM Event Monitoring Dashboard

  1. You can set up the RTM event monitoring dashboard by using:
    1. either the Bash script
    2. or the PowerShell script