Skip to content
/ r7insight_lambdaCW Public

Lambda function for sending AWS CloudWatch logs to Rapid 7

License

MIT license
2 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rapid7/r7insight_lambdaCW

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.github
.github
 
 
certifi
certifi
 
 
doc
doc
 
 
.snyk
.snyk
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cortex.yaml
cortex.yaml
 
 
r7insight_lambdaCW.py
r7insight_lambdaCW.py
 
 
setup.cfg
setup.cfg
 
 

Repository files navigation

r7insight_lambdaCW

AWS Lambda function for sending AWS CloudWatch logs to Rapid 7 in near real-time for processing and analysing
Example use cases:

Obtain log token(s)

  1. Log in to your Rapid 7 account
  2. Add a new token based log

Deploy the script on AWS Lambda

  1. Create a new Lambda function using the "Author from scratch" option

  2. Configure function:

    • Give your function a name
    • Set runtime to Python 3.9
    • Leave other options to default

  3. Upload function code:

    • Create a .ZIP file, containing r7insight_lambdaCW.py and the folder certifi
      • Make sure the files and certifi folder are in the root of the ZIP archive
      • Note if you download the .ZIP file directly from GitHub, the contents are inside a subfolder
    • Choose "Upload a .ZIP file" in "Code entry type" dropdown and upload the archive created in previous step

  4. Lambda function handler

    • Change the "Handler" value to r7insight_lambdaCW.lambda_handler

  5. Set Environment Variables:

    • Token value should match UUID provided by Rapid7 UI or API
    • Region should be that of your Rapid7 account
    Key Value
    region eu / us / etc
    token* token uuid
    token_secret_name* the name of a secrets manager secret containing the token uuid

    * Only one of the token or token_secret_name environment variables should be set. If you use token_secret_name, be sure to grant secretsmanager:GetSecretValue to the lambda function's execution role.

  6. Optional configuration (adjust to your needs):

    • Increase memory
    • Increase timeout

  7. Deploy the lambda function

    • At this point you can validate the configuration by sending a test event
    • Select "configure test event" and use "cloudwatch-logs" as the template
    • Send the test event and verify that its contents are forwarded to your log

Configure CloudWatch Stream

  1. Create a new stream:

    • Select CloudWatch log group
    • Navigate to "Subscription filters / Create Lambda subscription filter"

    Stream to Lambda

  2. Choose destination Lambda function:

    • Select the AWS Lambda function deployed earlier from the dropdown menu
    • Optionally configure log formatting and filtering, if needed

  3. Review and start log stream

    • Review your configuration and click "Start streaming" at the bottom of the page

  4. Watch your logs come in:

    • Navigate to your Rapid7 account and watch your CloudWatch logs appear

About

Lambda function for sending AWS CloudWatch logs to Rapid 7

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

2 stars

Watchers

44 watching

Forks

12 forks
Report repository

Releases 3

Added SSL Hostname Verification Latest
Jul 5, 2022
+ 2 releases

Packages

No packages published

Contributors 19

+ 5 contributors

Languages