
Netskope Help

AWS S3 WebTx Plugin for Log Shipper

This document explains how to configure your AWS S3 WebTx integration with the Log Shipper module of the Netskope Cloud Exchange platform. This integration allows pushing web transactions data into AWS S3 buckets. The AWS S3 WebTx plugin supports:

  • Event Support: No

  • Alert Support: No

  • WebTx Support: Yes

Prerequisites
  • A Netskope Tenant (or multiple, for example, production and development/test instances).

  • A Netskope Cloud Exchange tenant with the Log Shipper module already configured.

  • AWS S3 credentials with permission to create, read, and write buckets. Before proceeding, obtain an AWS S3 Access Key ID and Secret Access Key that has read/write permission on the specific buckets, or permission to create buckets.

Note

Verify your bucket permissions are secure and not set up for open public access. Only allow access to your cloud storage instance from your Cloud Exchange Host and any other addresses that need access.

Workflow
  1. Create a bucket, an IAM policy and user, and get your credentials.

  2. Configure the AWS S3 WebTx plugin.

  3. Configure Log Shipper Business Rules for AWS S3 WebTx.

  4. Configure Log Shipper SIEM mappings for AWS S3 WebTx.

  5. Validate the AWS S3 WebTx plugin.

Create a Bucket and Set the Bucket Policy
  1. To create a bucket and set the required policies, go to the AWS console and log in.

  2. From All Services, select S3.

  3. Click Create Bucket.

  4. Enter a Bucket Name, scroll to the bottom, and click Create Bucket.

  5. Search for your bucket and click the bucket name to open it.

  6. Click Permissions to open the Permissions tab and set a policy.

  7. Click Edit. Under Block public access (bucket settings), uncheck all checkboxes and click Save Changes. When prompted for confirmation, confirm the change and then click Confirm.

  8. Under the Permissions tab, click Edit in the Bucket Policy section.

  9. Click Policy Generator.

  10. Select S3 Bucket Policy as the policy type for Step 1, add the statement details for Step 2, and then click Generate Policy.

    • Select Type of Policy: S3 Bucket Policy

    • Effect: Allow

    • Principal: <user-arn>

    • Actions:

      1. GetBucketAcl

      2. GetBucketPolicy

    • ARN: arn:aws:s3:::<bucket-name>

    • Click Add Statement.

    • Select Type of Policy: S3 Bucket Policy

    • Effect: Allow

    • Principal: <user-arn>

    • Actions:

      1. PutObject

      2. PutObjectAcl

    • ARN: arn:aws:s3:::<bucket-name>/* (be sure to add /* after the bucket name in this second statement)

    • Click Add Statement.

    • Click Generate Policy.

  11. Add the generated policy, which should look like the following, to the bucket policy textbox.

    {
        "Id": "<policy ID>",
        "Version": "<version>",
        "Statement": [
            {
                "Sid": "<statement ID>",
                "Action": [
                    "s3:GetBucketAcl",
                    "s3:GetBucketPolicy"
                ],
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::<bucket-name>",
                "Principal": {
                    "AWS": [
                        "<user-arn>"
                    ]
                }
            },
            {
                "Sid": "<statement ID>",
                "Action": [
                    "s3:PutObject",
                    "s3:PutObjectAcl"
                ],
                "Effect": "Allow",
                "Resource": "arn:aws:s3:::<bucket-name>/*",
                "Principal": {
                    "AWS": [
                        "<user-arn>"
                    ]
                }
            }
        ]
    }
  12. Scroll to the bottom and click Save Changes.

Create an IAM Policy
  1. Go to Policy Generator, select IAM Policy as the policy type, add the statements below, and then click Generate Policy.

    • Select Type of Policy: IAM Policy

    • Effect: Allow

    • AWS Service: Amazon S3

    • Actions:

      1. ListAllMyBuckets

    • ARN: *

    • Click Add Statement.

    • Select Type of Policy: IAM Policy

    • Effect: Allow

    • AWS Service: Amazon S3

    • Actions:

      1. GetBucketAcl

      2. GetBucketPolicy

      3. GetBucketLocation

    • ARN: arn:aws:s3:::<bucket-name>

    • Click Add Statement.

    • Select Type of Policy: IAM Policy

    • Effect: Allow

    • AWS Service: Amazon S3

    • Actions:

      1. PutObject

      2. PutObjectAcl

    • ARN: arn:aws:s3:::<bucket-name>/*

    • Click Add Statement.

    • Click Generate Policy.

  2. Create the required IAM policy, as shown below. Be sure to add /* after the second occurrence of the bucket name.

    {
        "Id": "<policy ID>",
        "Version": "<version>",
        "Statement": [
            {
                "Sid": "<statement ID>",
                "Effect": "Allow",
                "Action": "s3:ListAllMyBuckets",
                "Resource": "*"
            },
            {
                "Sid": "<statement ID>",
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketAcl",
                    "s3:GetBucketPolicy",
                    "s3:GetBucketLocation"
                ],
                "Resource": "arn:aws:s3:::<bucket-name>"
            },
            {
                "Sid": "<statement ID>",
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": "arn:aws:s3:::<bucket-name>/*"
            }
        ]
    }
  3. Go to the AWS Console and select IAM from All Services. Click Policies in the left panel, and then click Create Policy.

  4. Copy that policy to the JSON tab. Click Next:Tags, and then click Next:Review.

  5. Enter a name and click Create Policy.

Create an IAM User and Get the Access Keys
  1. To create an IAM user and get the Access Key ID and Secret Access Key, go to the AWS Console and select IAM from All Services.

  2. Click Users in the left panel.

  3. Click Add Users.

  4. Enter a user name and click Next:Permissions.

  5. Click Attach existing policies directly, select the policy created earlier, and click Next.

  6. Review your choices and click Create User.

  7. Search for the user and click it.

  8. Click Security Credentials and scroll down to Access Keys.

  9. Click Create access key, select Other, and then click Next.

  10. Add a description and click Create access key.

  11. Copy the Access Key ID and Secret Access Key.

The account that owns the access keys should have the policy below.

To set a bucket policy from the AWS CLI:

    aws s3api put-bucket-policy --bucket MyBucket --policy file://policy.json

policy.json (the file contains the policy document itself, with Version and Statement at the top level):

{
    "Version": "<version>",
    "Statement": [
        {
            "Sid": "<statement ID>",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<user-arn>"
            },
            "Action": [
                "s3:GetBucketAcl",
                "s3:GetBucketPolicy"
            ],
            "Resource": "arn:aws:s3:::<bucket-name>"
        },
        {
            "Sid": "<statement ID>",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<user-arn>"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}

To set an IAM policy from the AWS CLI:

    aws iam put-user-policy --user-name <username> --policy-name <policy_name> --policy-document file://iam_policy.json

iam_policy.json (again the policy document itself, not wrapped in a "Policy" key):

{
    "Version": "<version>",
    "Statement": [
        {
            "Sid": "<statement ID>",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        },
        {
            "Sid": "<statement ID>",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketAcl",
                "s3:GetBucketLocation",
                "s3:GetBucketPolicy"
            ],
            "Resource": "arn:aws:s3:::<bucket-name>"
        },
        {
            "Sid": "<statement ID>",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::<bucket-name>/*"
        }
    ]
}
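Because step 7 of the bucket procedure switches Block Public Access off, the bucket policy is what keeps the bucket closed to everyone except the plugin's IAM user, so it is worth checking the generated document offline before running put-bucket-policy. The following Python check is an added example, not Netskope's or the plugin's code: it compares a bucket policy against the minimal action sets the page grants and flags a wildcard principal, extra actions, or resources outside the bucket; the bucket name, user ARN and Sids are constructed, and the IAM policy's ListAllMyBuckets/GetBucketLocation statements are outside its scope.

```python
import json
# Constructed sample values standing in for the page's <bucket-name> and <user-arn>.
BUCKET = "example-webtx-bucket"
USER_ARN = "arn:aws:iam::123456789012:user/netskope-ce-logshipper"
# The minimal action sets the page grants, split by the resource they apply to.
BUCKET_ACTIONS = {"s3:GetBucketAcl", "s3:GetBucketPolicy"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:PutObjectAcl"}


def _as_list(value):  # IAM accepts a string or a list in Action, Resource and Principal.AWS
    return value if isinstance(value, list) else [value]


def check_bucket_policy(policy, bucket=BUCKET, user_arn=USER_ARN):
    """Return a list of findings; an empty list means the policy matches the page."""
    findings, bucket_arn = [], f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(policy.get("Statement", [])):
        sid = stmt.get("Sid", f"statement {i}")
        principal = stmt.get("Principal", {})
        who = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for p in who:
            if p == "*":
                findings.append(f"{sid}: Principal '*' opens the bucket to everyone")
            elif p != user_arn:
                findings.append(f"{sid}: unexpected principal {p}")
        actions = set(_as_list(stmt.get("Action", [])))
        for res in _as_list(stmt.get("Resource", [])):
            if res == bucket_arn:
                extra = actions - BUCKET_ACTIONS  # bucket-level statement
            elif res == bucket_arn + "/*":
                extra = actions - OBJECT_ACTIONS  # object-level statement
            else:
                findings.append(f"{sid}: resource {res} is outside {bucket}")
                continue
            if extra:
                findings.append(f"{sid}: actions beyond the minimal set on {res}: {sorted(extra)}")
    return findings


def load_policy(text, bucket=BUCKET, user_arn=USER_ARN):
    """Parse a policy document after filling the page's placeholders."""
    return json.loads(text.replace("<bucket-name>", bucket).replace("<user-arn>", user_arn))


# The page's bucket policy with placeholders filled; the Sids are constructed.
GOOD = load_policy('''{"Version": "2012-10-17", "Statement": [
 {"Sid": "BucketRead", "Effect": "Allow", "Principal": {"AWS": ["<user-arn>"]},
  "Action": ["s3:GetBucketAcl", "s3:GetBucketPolicy"], "Resource": "arn:aws:s3:::<bucket-name>"},
 {"Sid": "ObjectWrite", "Effect": "Allow", "Principal": {"AWS": ["<user-arn>"]},
  "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": "arn:aws:s3:::<bucket-name>/*"}]}''')
# Same policy with the write statement opened to everyone, which Block Public Access (off after step 7) no longer stops.
PUBLIC = json.loads(json.dumps(GOOD))
PUBLIC["Statement"][1]["Principal"] = "*"
```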
Configure the AWS S3 WebTx Plugin
  1. In Cloud Exchange, go to Settings > Plugins.

  2. Search for and select the AWS S3 WebTx box to open the plugin creation pages.

  3. Enter a Configuration Name.

  4. Click Next.

  5. Enter the AWS Access Key ID: the AWS S3 access key ID used for AWS S3 authentication.

  6. Enter the AWS Secret Access Key: the AWS S3 secret access key used for AWS S3 authentication.

  7. Select the Region Name: the region in which the AWS S3 bucket is located.

  8. Enter the Bucket Name: the bucket in which the data objects will be stored.

  9. Enter the Object prefix: a prefix added to the object key name when web transactions are written to the AWS S3 bucket.

  10. Enter the Maximum File Size: the maximum size of a WebTx data object stored in the bucket. (The value must be between 0 and 100.)

  11. Enter the Maximum Duration: the maximum duration after which a WebTx data object is written to the bucket.

    Note

    Whichever of Maximum File Size and Maximum Duration is reached first triggers the export of the data.

  12. Click Save.
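To see how the Maximum File Size, Maximum Duration and Object prefix settings interact, the following Python model is an added example and not the plugin's code: it exports a batch as soon as either threshold is reached, whichever comes first. The page states neither the unit of Maximum File Size nor the object key format, so the model counts bytes and uses a constructed key name.

```python
from dataclasses import dataclass, field


@dataclass
class WebTxExporter:
    """Model of the 'whichever hits first' rule: a batch is written when it reaches
    max_bytes OR when max_seconds have passed since its first record."""
    object_prefix: str
    max_bytes: int
    max_seconds: float
    exported: list = field(default_factory=list)  # (key, reason, records, bytes)
    _buf: list = field(default_factory=list)
    _size: int = 0
    _opened_at: float = None
    _seq: int = 0

    def add(self, record: str, now: float):
        """Buffer one record; returns the object key if this record filled the batch."""
        if self._opened_at is None:
            self._opened_at = now
        self._buf.append(record)
        self._size += len(record.encode()) + 1  # newline-terminated line in the object
        return self._flush(now, "size") if self._size >= self.max_bytes else None

    def tick(self, now: float):
        """Timer hook: exports a pending batch whose age reached max_seconds."""
        if self._opened_at is not None and now - self._opened_at >= self.max_seconds:
            return self._flush(now, "duration")
        return None

    def _flush(self, now, reason):
        self._seq += 1
        key = f"{self.object_prefix}webtx_{int(now)}_{self._seq}.log"  # constructed key format
        self.exported.append((key, reason, len(self._buf), self._size))
        self._buf, self._size, self._opened_at = [], 0, None
        return key


def simulate():
    """Constructed traffic: a burst that fills the size limit twice, then a single
    record that only the duration timer flushes. Returns (exports, keys returned)."""
    ex = WebTxExporter(object_prefix="netskope/webtx/", max_bytes=200, max_seconds=60)
    line = "2024-01-01T00:00:00Z user@example.com GET https://example.com/ 200"  # 67 bytes with newline
    keys = [ex.add(line, now=float(i)) for i in range(6)]  # burst: 6 records, 1 s apart
    keys.append(ex.add(line, now=100.0))                    # one record at t=100
    keys.append(ex.tick(now=130.0))                          # 30 s old: nothing yet
    keys.append(ex.tick(now=161.0))                          # 61 s old: exported by duration
    return ex.exported, [k for k in keys if k]
```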
Configure Log Shipper SIEM Mappings for AWS S3 WebTx
  1. Go to Log Shipper > SIEM Mappings and click Add SIEM Mapping.

  2. For the source, select the Netskope WebTx configuration.

  3. For the destination, select the AWS S3 WebTx configuration.

  4. Click Save.

Validate the AWS S3 WebTx Plugin

To validate the plugin workflow, you can check from Netskope Cloud Exchange and from the AWS CLI.

To validate from Netskope Cloud Exchange:

  • Go to Logging.

To validate from the AWS CLI:

  1. Install the AWS CLI on your machine.

    (Reference: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html)

  2. Configure the AWS CLI on your machine.

    (Reference: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html)

  3. Use these commands to view buckets and objects.

  4. To list all the buckets:

    aws s3 ls

  5. To list all the objects in a bucket:

    aws s3 ls s3://<bucket_name>

  6. To download an object from a bucket to the local machine:

    aws s3 cp s3://<bucket_name>/<object_path> <local_path>

If you receive the error "Provided bucket name already exists at a different region. Please try with a different name or use the correct region." while upgrading the plugin, follow these steps.

  1. Click Skip.

  2. Go to the configured plugin.

  3. Click Edit.

  4. Select the actual region in which the bucket is present.

  5. Click Save.

  6. When successful, save and enable the plugin.