Deploy Flow Logs

CDR allows you to configure flow logs in your TotalCloud account for AWS and Azure. Configuring flow logs allows for deeper analysis into your cloud network to identify indicators of compromise like suspicious processes, registry changes, and file modifications.

Navigate to Configure > Threat Scanners > Configure Flow Logs to get started.

A screenshot of a computer
Description automatically generated

 

Configure flow logs by providing the storage account details.

Provide the following input values.

Deployment Name - Provide a unique name to the Flow Logs deployment. Ensure you start the deployment name with the prefix `aws-' or `azure-' for identification.

Subscription ID - Provide the Subscription ID to share the AMI with CDR.

Provide the Flow Log storage information.

Storage Account - Provide the unique storage account name.

Region/Zone - Select the AWS Region or Azure Location to fetch the Flow Logs.

Encryption Key/Connection String - Provide the authentication string required to connect the storage account with TotalCloud.

Click Save to configure the Flow Logs.

A screenshot of a computer
Description automatically generated

Next, you can either launch the stack on your AWS environment to monitor your network or download the Terraform scripts to deploy on your Azure network.