Deploy Flow Logs

CDR allows you to configure flow logs in your TotalCloud account for AWS and Azure. Configuring flow logs allows for deeper analysis into your cloud network to identify indicators of compromise like suspicious processes, registry changes, and file modifications.

New Flow Logs deployments for AWS are created on the new AWS tab. Deployments created earlier can still be managed on the AWS (Legacy) tab, but no new deployments can be created there.

Navigate to Configure > Threat Scanners > Configure Flow Logs to get started.


Configure flow logs by providing the storage account details.

Provide the following input values.

Deployment Name - Provide a unique name for the Flow Logs deployment. Start the deployment name with the prefix "aws-" or "azure-" so the cloud provider can be identified.

Subscription ID - Provide the Subscription ID to share the AMI with CDR.

Provide the Flow Log storage information.

Storage Account - Provide the unique storage account name.

Region/Zone - Select the AWS Region or Azure Location to fetch the Flow Logs.

Encryption Key/Connection String - Provide the authentication string required to connect the storage account with TotalCloud.

Click Save to configure the Flow Logs.


Next, you can either launch the stack in your AWS environment to monitor your network or download the Terraform scripts to deploy in your Azure environment.