Sumo Logic

Collect Data for the Amazon Inspector App - Classic

This page provides instructions for configuring data collection for the Amazon Inspector App.

Step 1: Configure Collection in Sumo Logic

To collect data for the Amazon Inspector App, do the following:

  1. Configure a Hosted Collector.
  2. Configure an HTTP Source.

Step 2: Configure Amazon Inspector

On Amazon Inspector, perform these tasks in the same AWS region:

  1. Create an Amazon SNS topic to receive assessment template events.
  2. Configure Amazon Inspector to send findings to the SNS topic.
  3. Create an appropriate role to execute a Lambda function and read Inspector data.
  4. Set up a Lambda function to fetch the data and send it to the Sumo Logic HTTP Source endpoint.

Details are provided in the following sections.

Step 3: Create an Amazon SNS Topic

  1. Log in to the Amazon Console.
  2. Click Services. In the dropdown, go to Application Integration > Simple Notification Service (SNS).
  3. On the SNS Dashboard, select Topics on the left side.
  4. A new window opens; click the Create topic button.
  5. In the new window, enter the following details:
    • Name: Enter a topic name.
    • Access Policy: Select Advanced.
    • JSON Editor: Replace the existing text with the following.

{
  "Version": "2008-10-17",
  "Id": "inspector-sns-publish-policy",
  "Statement": [
    {
      "Sid": "inspector-sns-publish-statement",
      "Effect": "Allow",
      "Principal": {
        "Service": "inspector.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:*"
    }
  ]
}

  6. Click the Create topic button.

Step 4: Configure Amazon Inspector

  1. In the Amazon Console, click Services. In the opened dropdown, go to Security, Identity & Compliance > Inspector.
  2. Select assessment templates on the left side.
  3. A new window opens; select each assessment template you want to monitor.
  4. Expand each row and find the section called SNS topics.
  5. Click the Edit icon and select the SNS topic you created in Step 3.
  6. Click Save.

Step 5: Create a Role

  1. In the Amazon Console, click Services. In the opened dropdown, go to Security, Identity & Compliance > IAM.
  2. Select Roles on the left side. A new window opens; click the Create role button.
  3. Select Lambda and then click the Next: Permissions button.
  4. In the Attach permissions policy section, search for and select the AWSLambdaBasicExecutionRole and AmazonInspectorReadOnlyAccess policies.
  5. Click the Next: Tags button.
  6. Click the Next: Review button.
  7. In the Review section, enter the role name Lambda-Inspector and click the Create role button.

Step 6: Create a Lambda Function

  1. In the Amazon Console, click Services. In the opened dropdown, go to Compute > Lambda.
  2. Click the Create function button.
  3. In the Author from scratch section:
    • Function name: Enter a function name.
    • Runtime: Select the Python 3.7 runtime.
    • Choose or create an execution role: Select the Use an existing role radio button, then select the role created in Step 5.
  4. Click the Create function button.
  5. Click the Add trigger button.
    • Select the SNS service.
    • Select the SNS topic you created in Step 3 as the trigger.
  6. Click the Add button.
  7. Click the Function name and go to the Function code section.
  8. Go to https://raw.githubusercontent.com/SumoLogic/sumologic-aws-lambda/main/inspector/python/inspector.py and copy-paste the code in the editor.
  9. Edit the code to enter the URL of the Sumo Logic HTTP Source endpoint (line 14) that will receive the data.
  10. Click Save at the top.

  11. Scroll down to Edit basic settings and configure the remaining settings as follows:
    • Handler: lambda_function.sumo_inspector_handler
    • Memory (MB): 128
    • Timeout: 10 minutes
  12. Click Save.
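The Lambda step is easiest to see in code. The following is an added example written for this page, not the inspector.py from the SumoLogic/sumologic-aws-lambda repository: it reads the SNS-delivered Inspector notifications (the `event` and `finding` message keys are an assumption about the Inspector Classic notification format), resolves finding ARNs through the Inspector API, and posts newline-delimited JSON to the HTTP Source. `SUMO_ENDPOINT`, `SAMPLE_EVENT` and the helper names are assumptions; the handler name matches the Handler setting in Step 6.

```python
import json
import urllib.request

SUMO_ENDPOINT = "https://REPLACE_WITH_HTTP_SOURCE_URL"  # assumption: the HTTP Source URL from Step 1
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(m)}} for m in (  # constructed sample event
    {"event": "FINDING_REPORTED", "finding": "arn:aws:inspector:us-west-2:444455556666:target/0-t/template/0-p/run/0-r/finding/0-f"},
    {"event": "ASSESSMENT_RUN_COMPLETED", "run": "arn:aws:inspector:us-west-2:444455556666:target/0-t/template/0-p/run/0-r"})]}

def parse_sns_event(event):
    """Return the Inspector notifications carried in an SNS-triggered Lambda event."""
    messages = []
    for record in event.get("Records", []):
        try:
            messages.append(json.loads(record["Sns"]["Message"]))
        except (KeyError, ValueError):
            continue  # skip records that are not JSON SNS messages
    return messages

def finding_arns_from(messages):
    """Only FINDING_REPORTED notifications name a finding ARN (message shape is an assumption)."""
    return [m["finding"] for m in messages if m.get("event") == "FINDING_REPORTED" and "finding" in m]

def fetch_findings(finding_arns, client=None):
    """Resolve ARNs to full findings; this is what AmazonInspectorReadOnlyAccess from Step 5 permits."""
    if not finding_arns:
        return []
    if client is None:
        import boto3  # present in the Lambda runtime; imported lazily so the module loads offline
        client = boto3.client("inspector")
    findings = []
    for i in range(0, len(finding_arns), 10):  # DescribeFindings accepts at most 10 ARNs per call
        resp = client.describe_findings(findingArns=finding_arns[i:i + 10])
        findings.extend(resp.get("findings", []))
    return findings

def build_payload(findings):
    """One JSON object per line: the HTTP Source treats each line as a separate log message."""
    return "\n".join(json.dumps(f, default=str, sort_keys=True) for f in findings)

def post_to_sumo(body, endpoint=SUMO_ENDPOINT):
    req = urllib.request.Request(endpoint, data=body.encode("utf-8"), headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status

def sumo_inspector_handler(event, context):
    findings = fetch_findings(finding_arns_from(parse_sns_event(event)))
    if findings:
        post_to_sumo(build_payload(findings))
    return {"findings_sent": len(findings)}
```

`default=str` matters because boto3 returns `createdAt` and `updatedAt` as datetime objects, which `json.dumps` cannot serialize on its own.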

Sample Log

Amazon Inspector CreateResourceGroup action:

{
    "eventVersion": "1.03",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AIDACKCEVSQ6C2EXAMPLE",
        "arn": "arn:aws:iam::444455556666:user/Alice",
        "accountId": "444455556666",
        "accessKeyId": "AKIAI44QH8DHBEXAMPLE",
        "sessionContext": {
            "attributes": {
                "mfaAuthenticated": "false",
                "creationDate": "2016-04-14T17:05:54Z"
            },
            "sessionIssuer": {
                "type": "Role",
                "principalId": "AIDACKCEVSQ6C2EXAMPLE",
                "arn": "arn:aws:iam::444455556666:user/Alice",
                "accountId": "444455556666",
                "userName": "Alice"
            }
        }
    },
    "eventTime": "2016-04-14T17:12:34Z",
    "eventSource": "inspector.amazonaws.com",
    "eventName": "CreateResourceGroup",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "205.251.233.179",
    "userAgent": "console.amazonaws.com",
    "requestParameters": {
        "resourceGroupTags": [
            {
                "key": "Name",
                "value": "ExampleEC2Instance"
            }
        ]
    },
    "responseElements": {
        "resourceGroupArn": "arn:aws:inspector:us-west-2:444455556666:resourcegroup/0-oclRMp8B"
    },
    "requestID": "148256d2-0264-11e6-a9b5-b98a7d3b840f",
    "eventID": "e5ea533e-eede-46cc-94f6-0d08e6306ff0",
    "eventType": "AwsApiCall",
    "apiVersion": "v20160216",
    "recipientAccountId": "444455556666"
}