McAfee Enterprise MVISION Cloud

Simple Notification Service Integration

Amazon SNS (Simple Notification Service) is a push messaging service provided by AWS. MVISION Cloud integrates with SNS by sending configuration audit policy incidents to an SNS topic. The integration is configured per audit policy.

The workflow is:

  1. Topic is created in SNS. This creates a Topic ARN.
  2. A subscriber is added to the topic.
  3. The Topic ARN is added as a response to the SHN configuration audit policy. Think of this as associating an MVISION Cloud policy with an SNS topic.

Prerequisites

Make sure you've configured Amazon SNS in your organization's AWS deployment.

Step 1. Configuring SNS for MVISION Cloud Integration

To configure SNS:

  1. Log in to your AWS tenant and find the SNS service.
  2. Create a new topic. We've used the name MVISION Cloud_Config_Audit_Notifications with a display name of SHN ConAud.
  3. Create a new subscription to the topic with the following:
  • Topic ARN: Leave as default
  • Protocol: Email
  • Endpoint: The email address where you want the notification to be sent.
  4. When you receive a confirmation email at the address entered above, select the Confirm Subscription link it contains. A confirmation page is shown once the link is clicked.
  5. Refresh the SNS subscription page; you should now see a Subscription ID.
  6. Copy the Topic ARN. You will need to enter it later in MVISION Cloud.

Step 2. Set up AWS SNS Permissions

To set up AWS SNS permissions:

  1. Navigate to IAM and create a new policy using the JSON editor, with this permission set:
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "sns:Publish",
               "sns:Subscribe",
               "sns:Unsubscribe",
               "sqs:ListQueues",
               "sqs:SendMessage",
               "sns:GetTopicAttributes"
           ],
           "Resource": "*"
       }
   ]
}
  • Give the policy the name: "MVISION Cloud_SNS_SQS"
  • Description: Used by MVISION Cloud CASB to allow access to SNS and SQS

2. Navigate to Roles and add the policy to the MVISION Cloud Role.
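Before moving on to Step 3 it is worth confirming that the topic from Step 1 has a confirmed subscriber and that the policy from Step 2 grants every action the integration needs. The script below is an added example, not MVISION Cloud product code: it runs offline against the policy document shown above and a constructed dict shaped like the response of boto3's sns.list_subscriptions_by_topic() (the ARNs and addresses in it are placeholders). In a real deployment you would pass the live responses instead. It also lists which statements use a wildcard Resource, purely as a review item: once the Topic ARN is known the topic-level SNS actions can be limited to it, while an action such as sqs:ListQueues supports no resource-level restriction and must keep "*".

```python
"""Preflight checks for the SNS topic (Step 1) and IAM policy (Step 2).

Added example; not MVISION Cloud product code. Runs offline against constructed
inputs: the policy document from this page and a dict shaped like the response of
boto3's sns.list_subscriptions_by_topic().
"""
import json

# The six actions the page's policy grants; all must be present for the integration.
REQUIRED_ACTIONS = {
    "sns:Publish",
    "sns:Subscribe",
    "sns:Unsubscribe",
    "sqs:ListQueues",
    "sqs:SendMessage",
    "sns:GetTopicAttributes",
}

# Policy document exactly as given on this page.
POLICY_JSON = """
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "sns:Publish",
               "sns:Subscribe",
               "sns:Unsubscribe",
               "sqs:ListQueues",
               "sqs:SendMessage",
               "sns:GetTopicAttributes"
           ],
           "Resource": "*"
       }
   ]
}
"""


def load_policy():
    """Parse the page's policy document into a dict."""
    return json.loads(POLICY_JSON)


def granted_actions(policy):
    """Every action allowed by the policy; Action may be a string or a list."""
    actions = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        action = stmt.get("Action", [])
        actions.update([action] if isinstance(action, str) else action)
    return actions


def missing_actions(policy):
    """Required actions the policy does not grant (empty set means it is sufficient)."""
    return REQUIRED_ACTIONS - granted_actions(policy)


def wildcard_statements(policy):
    """Indexes of Allow statements whose Resource includes '*' (informational only)."""
    flagged = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        resource = stmt.get("Resource", [])
        resources = [resource] if isinstance(resource, str) else resource
        if stmt.get("Effect") == "Allow" and "*" in resources:
            flagged.append(i)
    return flagged


def confirmed_endpoints(list_response, protocol):
    """Endpoints with a confirmed subscription for the given protocol. SNS reports the
    SubscriptionArn as 'PendingConfirmation' until the Step 1 confirmation link is clicked."""
    return [
        s["Endpoint"]
        for s in list_response.get("Subscriptions", [])
        if s.get("Protocol") == protocol
        and s.get("SubscriptionArn") != "PendingConfirmation"
    ]


# Constructed stand-in for sns.list_subscriptions_by_topic(TopicArn=...): one confirmed
# email subscriber and one still waiting on its confirmation link. Placeholder ARNs.
SAMPLE_LIST_RESPONSE = {
    "Subscriptions": [
        {
            "SubscriptionArn": "arn:aws:sns:us-east-1:123456789012:ExampleTopic:11111111-2222-3333-4444-555555555555",
            "Protocol": "email",
            "Endpoint": "secops@example.com",
            "TopicArn": "arn:aws:sns:us-east-1:123456789012:ExampleTopic",
        },
        {
            "SubscriptionArn": "PendingConfirmation",
            "Protocol": "email",
            "Endpoint": "oncall@example.com",
            "TopicArn": "arn:aws:sns:us-east-1:123456789012:ExampleTopic",
        },
    ]
}

if __name__ == "__main__":
    policy = load_policy()
    print("missing actions:", missing_actions(policy) or "none")
    print("statements with Resource '*':", wildcard_statements(policy))
    print("confirmed email endpoints:", confirmed_endpoints(SAMPLE_LIST_RESPONSE, "email"))
```

Run it as-is to see the checks pass against the page's own policy; swapping SAMPLE_LIST_RESPONSE for the real boto3 response tells you whether the email subscriber from Step 1 has actually clicked the confirmation link.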

Step 3. Pair an MVISION Cloud Policy with AWS SNS

Now you can associate a MVISION Cloud Policy with an SNS feed to enable Real Time Incident Validation.

  1. Navigate to AWS Configuration Audit.
  2. Edit the Unencrypted S3 Buckets policy.
  3. Click Next until you reach the Response for Unencrypted S3 Buckets page, then click the + button to add a response.
  4. Select Send to SNS Topic as the response.
  5. Enter the SNS Topic ARN captured earlier.
  6. The response page should now show 2 actions.
  7. Review the policy and make sure the SNS notification is present as a response and that the policy is enabled.

Attach Lambda Functions to SNS Topics

To attach Lambda Functions to SNS topics:

1. Log in to AWS and navigate to the SNS dashboard.

2. Create the SNS topic as described in Step 1 above.

3. From the SNS dashboard, select Subscriptions from the left-hand menu.

4. Select Create subscription; a dialog box will pop up.

5. In the Create subscription dialog box, enter the SNS Topic ARN created in step 2 in the Topic ARN field, choose AWS Lambda as the Protocol, and under Endpoint select the ARN of the Lambda function you want SNS to trigger.

6. Press Create subscription.
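A Lambda function subscribed this way receives the standard SNS event envelope (Records[].EventSource of "aws:sns" and a Records[].Sns object carrying TopicArn, MessageId, Subject and Message). The handler below is an added example, not one of the MVISION Cloud sample remediation scripts: it unpacks that envelope, accepts only notifications from the topic paired with the policy in Step 3, and tolerates a non-JSON body. The incident payload inside Message is a constructed placeholder, since this page does not document the MVISION Cloud message schema; EXPECTED_TOPIC_ARN and the ARNs in the sample event are placeholders too.

```python
"""Lambda handler for configuration-audit incidents delivered by an SNS subscription.

Added example; not one of the MVISION Cloud sample remediation scripts. The event
envelope is the standard shape SNS passes to Lambda; the incident body is constructed.
"""
import json
import os

# Only act on the topic paired with the policy in Step 3. Placeholder ARN; set
# EXPECTED_TOPIC_ARN in the function's environment in a real deployment.
EXPECTED_TOPIC_ARN = os.environ.get(
    "EXPECTED_TOPIC_ARN",
    "arn:aws:sns:us-east-1:123456789012:MVISION_Cloud_Config_Audit_Notifications",
)


def parse_incident(message):
    """Decode the SNS Message body. A JSON object is returned as a dict; anything
    else is wrapped as {"raw": ...} so the handler never fails on an unexpected body."""
    try:
        parsed = json.loads(message)
    except (TypeError, ValueError):
        return {"raw": message}
    return parsed if isinstance(parsed, dict) else {"raw": message}


def handle_record(record, expected_topic=EXPECTED_TOPIC_ARN):
    """Validate one SNS record and return a structured result."""
    sns = record.get("Sns", {})
    topic = sns.get("TopicArn", "")
    if topic != expected_topic:
        # A subscription on some other topic must not drive remediation.
        return {"accepted": False, "reason": "unexpected topic", "topic_arn": topic}
    return {
        "accepted": True,
        "message_id": sns.get("MessageId"),
        "subject": sns.get("Subject"),
        "incident": parse_incident(sns.get("Message", "")),
    }


def lambda_handler(event, context=None):
    """Lambda entry point. Remediation logic would branch on result["incident"] here."""
    records = [r for r in event.get("Records", []) if r.get("EventSource") == "aws:sns"]
    results = [handle_record(r) for r in records]
    return {
        "received": len(records),
        "accepted": sum(1 for r in results if r["accepted"]),
        "results": results,
    }


# Constructed test event: one notification from the paired topic carrying a made-up
# incident body, and one from an unrelated topic that must be ignored.
SAMPLE_EVENT = {
    "Records": [
        {
            "EventSource": "aws:sns",
            "EventVersion": "1.0",
            "Sns": {
                "TopicArn": EXPECTED_TOPIC_ARN,
                "MessageId": "00000000-0000-0000-0000-000000000001",
                "Subject": "SHN ConAud",
                "Message": json.dumps(
                    {"policyName": "Unencrypted S3 Buckets", "resource": "example-bucket"}
                ),
            },
        },
        {
            "EventSource": "aws:sns",
            "EventVersion": "1.0",
            "Sns": {
                "TopicArn": "arn:aws:sns:us-east-1:123456789012:SomeOtherTopic",
                "MessageId": "00000000-0000-0000-0000-000000000002",
                "Subject": "unrelated",
                "Message": "not json",
            },
        },
    ]
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

Checking the TopicArn is the cheap guard that keeps a remediation function from acting on notifications that were never meant for it; the per-record results make it easy to log exactly what was accepted and why something was dropped.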

Sample remediation scripts

The following sample remediation scripts have been provided as examples of what is possible using Lambda. Please see the enclosed spreadsheet for information on what each Lambda function does, and the associated JSON and IAM/SNS/Lambda naming standards.

Lambda Remediation Samples.zip
