Amazon S3 Connector (Technical Preview)

This connector can be run in the cloud.

The Amazon S3 Outbound Connector allows you to export Ivanti Neurons Audit Trails to an Amazon S3 bucket. Once exported, you can integrate the logs with downstream systems, such as the ELK stack (Elasticsearch, Logstash, and Kibana).

You must use your own S3 bucket within your AWS environment. Ivanti Neurons acts solely as the data exporter.

If you use the ELK stack, you can leverage Logstash or other ingestion mechanisms (such as AWS Kinesis or Lambda) to retrieve the exported files from your S3 bucket. You can then ingest these logs into Elasticsearch for long-term storage, correlation, analysis, and visualization in Kibana.

The Amazon S3 connector is implemented as a scheduled outbound service within the Ivanti Neurons platform, using a secure and programmatic framework.

Authentication: The connector uses your AWS Access Key and Secret Key to authenticate with the Amazon S3 service endpoint. Ensure that these credentials are for an AWS IAM user with S3 PutObject permissions for the specified bucket.

Data Generation: Ivanti Neurons generates audit trail data at the application layer in structured formats, such as CSV or JSON, to support bulk transfer.

Scheduling: The connector service initiates a batch job to package the most recent audit logs according to the configured schedule.

Data Transfer: The connector makes a secure API call to upload data files to your specified S3 bucket URI and region, using your AWS credentials. Data is uploaded as objects to the S3 bucket.

Status Monitoring: The connector service monitors the transfer status and logs outcomes within the Ivanti Neurons platform. This allows you to verify successful export operations.

Follow these guidelines to ensure a secure and seamless export and integration of your Ivanti Neurons Audit Trails with downstream systems.

Options

The Amazon S3 connector has the following options:

  • Connector name: A name for the connector.
  • S3 bucket URI: Enter the location of your Amazon S3 bucket where the audit trail data will be stored. For example, s3://my-ivanti-audit-bucket/audit-logs.
  • Region name: Select the AWS region where your S3 bucket is physically located. For example, us-east-1, us-east-2, etc.
  • Access Key: Enter the AWS Access Key ID for the user with S3 write permissions.
  • Secret Key: Enter the corresponding AWS Secret Access Key.
  • It is highly recommended to use an AWS Identity and Access Management (IAM) user that follows the principle of least privilege, with only the permissions needed to write objects to the target S3 bucket.
  • Repeats: How often Ivanti Neurons should export audit trail data to your S3 bucket.
  • Active: Enable or disable the connector. When active, it exports data according to the defined schedule.
  • Test Connections: Click this button to ensure that Ivanti Neurons can successfully connect to your S3 bucket using the provided S3 bucket URI.
  • Click Save.

You can save the connector only after you successfully test the connection.
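The least-privilege recommendation above, as an added example (not Ivanti or AWS code): a Python script that builds an IAM policy allowing only s3:PutObject under the export prefix and checks a candidate policy for anything broader. It assumes the connector needs no permission beyond PutObject, as the Authentication note states; the function names and the statement ID are hypothetical.

```python
import json
from urllib.parse import urlparse

def object_arn(uri):
    """ARN pattern covering only objects under the connector's export prefix."""
    parsed = urlparse(uri)
    if parsed.scheme != "s3" or not parsed.netloc:
        raise ValueError(f"not an S3 URI: {uri!r}")
    prefix = parsed.path.strip("/")
    return f"arn:aws:s3:::{parsed.netloc}/{prefix + '/' if prefix else ''}*"

def put_only_policy(uri):
    """IAM policy allowing only s3:PutObject under the prefix (assumed sufficient)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AuditTrailExportWriteOnly",  # hypothetical statement id
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": object_arn(uri),
        }],
    }

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, uri):
    """List ways the policy's Allow statements exceed write-only export access."""
    scope = object_arn(uri)[:-1]  # ARN prefix without the trailing '*'
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource grants everything not listed")
        for action in as_list(stmt.get("Action", [])):
            if action.lower() != "s3:putobject":  # IAM action names ignore case
                findings.append(f"excess action: {action}")
        for resource in as_list(stmt.get("Resource", [])):
            if not resource.startswith(scope):
                findings.append(f"resource outside export prefix: {resource}")
    return findings

BROAD = {"Version": "2012-10-17",  # constructed sample of an over-broad policy
         "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    uri = "s3://my-ivanti-audit-bucket/audit-logs"  # example URI from the page
    print(json.dumps(put_only_policy(uri), indent=2))
    print(audit_policy(BROAD, uri))
```

Run `audit_policy` against the policies already attached to the IAM user whose keys you enter in the connector; an empty list means the user can only write objects under the export prefix.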

After Ivanti Neurons begins writing audit logs to your S3 bucket, configure your SIEM solution to ingest the data from that location. Use the ingestion method supported by your specific SIEM platform.

For details on configuring or using connectors, see Connectors.