This page describes the Data Security metrics that are available for your object stores.
Supported Unstructured Data Stores (Object Stores)
Name | Data Store Type | Entity | Module Version
Amazon Simple Storage Service (S3) | Object Store | Bucket | Data Security
Onboard AWS S3 Connections
To onboard AWS S3 connections, follow these guidelines:
An AWS IAM user must have the List permission set to S3:ListBucket and S3:Describe.
You must create logging buckets for each region and configure them to the available buckets in that particular region.
If you need to enable sensitive data detection on logging buckets, ensure that the AWS Macie service is enabled and respective jobs are created. Also, ensure that the AWS IAM permission is assigned in order to access AWS Macie.
The Amazon Athena service is activated for querying output logs on configured buckets. You must have a separate Athena bucket per region in order to store query results.
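The guidelines above amount to a small set of checks that can be run before you attempt to onboard an account: the IAM user holds the required permissions, every region that holds data buckets also holds a logging bucket and an Athena output bucket, each data bucket sends its access logs to the logging bucket of its own region, and, when sensitive data detection is wanted, Macie is enabled with a classification job on each logging bucket. The following preflight script is an added example, not Cisco's or AWS's code. It runs against a constructed inventory rather than live API calls, so the bucket roles ("data", "access-log", "athena-output"), the inventory shape and the sample bucket names are assumptions of the example; the permission names are taken from the guideline above as written.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Permissions named in the onboarding guideline above (spelled as the page gives them).
REQUIRED_IAM_ACTIONS = frozenset({"S3:ListBucket", "S3:Describe"})


@dataclass
class Bucket:
    name: str
    region: str
    role: str = "data"             # "data", "access-log" or "athena-output" (labels assumed by this example)
    log_target: str | None = None  # bucket that receives this bucket's S3 server access logs


@dataclass
class MacieState:
    enabled: bool = False
    job_buckets: set[str] = field(default_factory=set)  # buckets covered by a Macie classification job


def preflight(buckets, iam_actions, macie=None, sensitive_data_detection=False):
    """Return a list of findings; an empty list means the prerequisites are met."""
    findings = []
    by_name = {b.name: b for b in buckets}

    # 1. IAM user permissions
    missing = REQUIRED_IAM_ACTIONS - frozenset(iam_actions)
    if missing:
        findings.append(f"IAM user lacks {', '.join(sorted(missing))}")

    # 2. One logging bucket and one Athena output bucket per region that holds data
    data_regions = {b.region for b in buckets if b.role == "data"}
    for region in sorted(data_regions):
        if not any(b.region == region and b.role == "access-log" for b in buckets):
            findings.append(f"{region}: no logging bucket")
        if not any(b.region == region and b.role == "athena-output" for b in buckets):
            findings.append(f"{region}: no Athena output bucket")

    # 3. Every data bucket logs to a logging bucket in its own region
    for b in buckets:
        if b.role != "data":
            continue
        if b.log_target is None:
            findings.append(f"{b.name}: access logging not configured")
            continue
        target = by_name.get(b.log_target)
        if target is None or target.role != "access-log":
            findings.append(f"{b.name}: log target {b.log_target} is not a logging bucket")
        elif target.region != b.region:
            findings.append(f"{b.name}: log target {b.log_target} is in {target.region}, not {b.region}")

    # 4. Macie enabled, with a job per logging bucket, when sensitive data detection is wanted
    if sensitive_data_detection:
        if macie is None or not macie.enabled:
            findings.append("Macie is not enabled")
        else:
            for b in buckets:
                if b.role == "access-log" and b.name not in macie.job_buckets:
                    findings.append(f"{b.name}: no Macie classification job")
    return findings


# Constructed inventory for illustration (not a real account).
SAMPLE_BUCKETS = [
    Bucket("app-uploads", "us-east-1", log_target="s3-access-logs-use1"),
    Bucket("s3-access-logs-use1", "us-east-1", role="access-log"),
    Bucket("athena-results-use1", "us-east-1", role="athena-output"),
    # eu-west-1 has no logging or Athena bucket, and logs cross-region
    Bucket("app-archive", "eu-west-1", log_target="s3-access-logs-use1"),
]
SAMPLE_IAM = ["S3:ListBucket"]
SAMPLE_MACIE = MacieState(enabled=True, job_buckets={"s3-access-logs-use1"})


def sample_findings():
    return preflight(SAMPLE_BUCKETS, SAMPLE_IAM, SAMPLE_MACIE, sensitive_data_detection=True)


def fixed_findings():
    """Same inventory after adding the eu-west-1 buckets and repointing app-archive."""
    fixed = [Bucket(b.name, b.region, b.role, b.log_target) for b in SAMPLE_BUCKETS]
    fixed[3].log_target = "s3-access-logs-euw1"
    fixed += [Bucket("s3-access-logs-euw1", "eu-west-1", role="access-log"),
              Bucket("athena-results-euw1", "eu-west-1", role="athena-output")]
    macie = MacieState(True, {"s3-access-logs-use1", "s3-access-logs-euw1"})
    return preflight(fixed, SAMPLE_IAM + ["S3:Describe"], macie, sensitive_data_detection=True)


if __name__ == "__main__":
    for line in sample_findings() or ["ready to onboard"]:
        print(line)
```

Against a real account the same inventory would be filled from the account's bucket list, each bucket's location and server access logging target, and the Macie session and job list; the checks themselves do not change.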
Create and Edit Data Connections
To create a data connection:
Navigate to Cisco Secure Application > Configure.
Select Cloud Connections.
Click Create and enter:
Connection Name
AWS Account ID
AWS Access Key
AWS Secret Access Key
S3 Access Log Bucket
Athena Output Bucket
Region
Click Create.
To edit a data connection:
Navigate to Cisco Secure Application > Configure.
Select Cloud Connections.
Click the connection name, then click the edit icon.
Edit the data connection.
Click Save. You must re-enter the AWS Secret Access Key when saving.
Navigate Object Stores
On the Cisco Secure Application > Object stores page, you can view these details:
Security Risk: One of three statuses: Healthy, Warning, or Critical.
Name: The name of the object store.
Cloud provider: The third-party cloud provider.
Region: The area and zone of the database.
(Screenshot: Object Stores overview page)
When you click on the name of a specific object store, you can view these details: