Setting up SIEM Integration with Trustd MTD

Step 1: Create S3 Bucket

  1. Login to AWS and navigate to S3
  2. Click “Create Bucket”
  3. Name the bucket (e.g. “COMPANYNAME-trustd-mtd-siem”)
  4. Select the preferred AWS region (e.g. EU-West-2)
  5. Click “Create Bucket”

Step 2: Create IAM User

  1. Still in AWS, navigate to IAM > Users
  2. Click “Add User”
    1. Username: TrustdMTDSIEMUser
    2. Credential Type: Access key – Programmatic access
  3. Click “Next”
  4. Under “Permissions Policies”, click “Attach existing policies directly”
  5. Click “Create Policy”:
    1. Service: S3
    2. Actions: Write > PutObject
    3. Resources: Specific
      1. Object:
        1. Bucket Name: the S3 bucket’s name created in Step 1
        2. Object name: any
  6. Click “Next”
  7. Click “Next”
  8. Name the policy (e.g. “TrustdMTDSIEMLogsS3PutObjects”)
  9. Click “Create”
  10. Back in the IAM User Creation wizard, type the name of the policy into the search bar and press the Refresh button at the upper-right corner of the policies table
  11. Select the policy you created
  12. Click “Next”
  13. Click “Next: Review”
  14. Click “Create”
  15. Record the “Access Key ID” and “Secret Access Key”, as you’ll need these for the next step.
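The policy the wizard in Step 2 builds is a write-only, single-bucket policy: the only action is s3:PutObject and the only resource is the object ARN of the bucket from Step 1. The Python below is an added example (not Trustd MTD's or AWS's own code) that generates that policy document, ready to paste into the JSON tab of the policy editor, and checks a policy document for the three ways this scope usually drifts: extra actions, a wildcard resource, or a bucket-level ARN without the trailing /* (which makes PutObject fail). The bucket name is the placeholder from Step 1 and is an assumption; replace it with yours.

```python
import json

# Constructed placeholder, matching the example bucket name used in Step 1.
BUCKET_NAME = "COMPANYNAME-trustd-mtd-siem"


def build_put_only_policy(bucket_name: str) -> dict:
    """Return the least-privilege policy document from Step 2:
    s3:PutObject only, on objects inside the one SIEM log bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "TrustdMTDSIEMLogsS3PutObjects",
                "Effect": "Allow",
                "Action": ["s3:PutObject"],
                "Resource": [f"arn:aws:s3:::{bucket_name}/*"],
            }
        ],
    }


def policy_json(bucket_name: str) -> str:
    """Pretty-printed JSON for pasting into the IAM policy editor."""
    return json.dumps(build_put_only_policy(bucket_name), indent=2)


def check_least_privilege(policy: dict, bucket_name: str) -> list:
    """Return a list of findings for a policy document.

    An empty list means every Allow statement is limited to s3:PutObject on
    objects in `bucket_name`. Deny statements are ignored, since they only
    narrow the grant."""
    findings = []
    expected_resource = f"arn:aws:s3:::{bucket_name}/*"
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM accepts either a string or a list for Action and Resource.
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        for action in actions:
            if action.lower() != "s3:putobject":
                findings.append(f"unexpected action {action!r}")
        for resource in resources:
            if resource == "*" or resource.endswith(":::*"):
                findings.append(f"wildcard resource {resource!r}")
            elif resource != expected_resource:
                # Covers both another bucket and the bucket-level ARN
                # (missing /*), on which PutObject is not granted.
                findings.append(f"resource {resource!r} is not {expected_resource!r}")
    return findings


if __name__ == "__main__":
    print(policy_json(BUCKET_NAME))
    # An over-broad policy, constructed here to show what the check flags.
    too_broad = {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
    }
    for finding in check_least_privilege(too_broad, BUCKET_NAME):
        print("finding:", finding)
```

Run it once after creating the policy and paste its output, or run check_least_privilege against the JSON you see in the console's policy editor before clicking “Create”; any finding means the policy grants more than the integration needs.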

Step 3: Configure Trustd MTD to put logs into the S3 Bucket

  1. Login to Trustd MTD and navigate to Settings > Integrations
  2. Select the S3 Region as defined in Step 1
  3. Enter the S3 Access Key and Secret Key as recorded in Step 2

Step 4: Configure your SIEM solution to collect logs from the S3 Bucket

  1. Follow the steps from your SIEM solution vendor to collect logs from the target S3 bucket.