McAfee Enterprise MVISION Cloud

Integrate Simple Notification Service

Amazon Simple Notification Service (SNS) is an AWS push messaging service. MVISION Cloud integrates with SNS by sending Configuration Audit policy incidents to an SNS topic. The integration is configured per audit policy.

The workflow is:

  1. Create a Topic in SNS. This creates a Topic ARN.
  2. Add a subscriber to the topic.
  3. Add the Topic ARN as a response to the SHN Configuration Audit policy. Think of this as associating an MVISION Cloud policy with an SNS topic.

Prerequisites

Make sure you have configured Amazon SNS in your organization's AWS deployment.

Step 1. Configure SNS for MVISION Cloud

To configure SNS:

  1. Log in to your AWS tenant and find the SNS service.
  2. Create a topic. In this example the topic is named MVISION Cloud_Config_Audit_Notifications with a display name of SHN ConAud.
  3. Create a subscription to the topic with the following:
  • Topic ARN: Leave as default
  • Protocol: Email
  • Endpoint: Where you want the notification to be sent.

  4. When you receive a confirmation email at the address entered above, select the Confirm Subscription link it contains.
  5. You receive this confirmation once the link is clicked.
  6. Refresh the SNS subscription page and you will see a Subscription ID.
  7. Copy the Topic ARN. You will enter it later in MVISION Cloud.

Step 2. Configure AWS SNS Permissions

To set up AWS SNS permissions:

  1. Navigate to IAM and create a policy using the JSON editor, with this permission set:
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "sns:Publish",
               "sns:Subscribe",
               "sns:Unsubscribe",
               "sqs:ListQueues",
               "sqs:SendMessage",
               "sns:GetTopicAttributes"
           ],
           "Resource": "*"
       }
   ]
}
  • Give the policy the name: "MVISION Cloud_SNS_SQS"
  • Description: Used by MVISION Cloud CASB to allow access to SNS and SQS

2. Navigate to Roles and add the policy to the MVISION Cloud Role.
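The permission set above uses "Resource": "*", which grants the MVISION Cloud role sns:Publish and the other SNS actions on every topic in the account, not only the Config Audit topic. As an added example (not code from this page or from McAfee), the Python below reproduces the page's policy next to a version that restricts the SNS actions to the one Topic ARN copied in Step 1, and includes a small check that lists which actions a policy document grants on every resource. The Topic ARN, the statement Sids and the function names are assumptions; sqs:ListQueues cannot be restricted by resource, so it stays on "*".

```python
import json

# Constructed placeholder ARN; substitute the Topic ARN copied in Step 1.
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:MVISION_Cloud_Config_Audit_Notifications"

# The permission set shown on this page, reproduced as given.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish",
                "sns:Subscribe",
                "sns:Unsubscribe",
                "sqs:ListQueues",
                "sqs:SendMessage",
                "sns:GetTopicAttributes",
            ],
            "Resource": "*",
        }
    ],
}


def scoped_policy(topic_arn: str) -> dict:
    """Same actions as PAGE_POLICY, with the SNS actions limited to one topic ARN.

    sqs:ListQueues does not support resource-level permissions, so that statement
    keeps "*"; sqs:SendMessage is left with it because the page names no queue ARN.
    Sid values are assumptions, chosen only to make the statements easy to tell apart.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "SnsOnlyConfigAuditTopic",
                "Effect": "Allow",
                "Action": [
                    "sns:Publish",
                    "sns:Subscribe",
                    "sns:Unsubscribe",
                    "sns:GetTopicAttributes",
                ],
                "Resource": topic_arn,
            },
            {
                "Sid": "SqsListAndSend",
                "Effect": "Allow",
                "Action": ["sqs:ListQueues", "sqs:SendMessage"],
                "Resource": "*",
            },
        ],
    }


def wildcard_actions(policy: dict) -> list:
    """Return (action, Sid) pairs for every Allow statement whose Resource is "*".

    Run this over a policy document before attaching it to the MVISION Cloud role
    to see which actions would apply to every resource in the account.
    """
    found = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        if "*" not in resources:
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            found.append((action, stmt.get("Sid", "")))
    return found


if __name__ == "__main__":
    print("Page policy, actions on '*':", [a for a, _ in wildcard_actions(PAGE_POLICY)])
    print("Scoped policy, actions on '*':", [a for a, _ in wildcard_actions(scoped_policy(TOPIC_ARN))])
    print(json.dumps(scoped_policy(TOPIC_ARN), indent=2))
```

Paste the output of `json.dumps(scoped_policy(...))` into the IAM JSON editor in place of the wildcard version; if Real-Time Incident Validation later needs a queue, add its queue ARN to the SQS statement in the same way.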

Step 3. Pair an MVISION Cloud Policy with AWS SNS

Now you can associate an MVISION Cloud policy with an SNS topic to enable Real-Time Incident Validation.

  1. Navigate to AWS Configuration Audit.
  2. Edit the Unencrypted S3 Buckets policy.
  3. Click Next until you get to the Response for Unencrypted S3 Buckets page. Then click + to add a response.

  4. Select Send to SNS Topic as the response.
  5. Enter the SNS Topic ARN captured earlier.
  6. The response page now shows two actions.
  7. Review the policy and make sure the SNS notification is present as a response, and the policy is enabled.

Attach Lambda Functions to SNS Topics

To attach Lambda Functions to SNS topics:

  1. Log in to AWS and navigate to the SNS dashboard. The steps to create an SNS topic are described above.
  2. From the SNS dashboard, select Subscriptions.
  3. Select Create Subscription.
  4. In the Create Subscription dialog box, in Topic ARN, enter the SNS Topic ARN that you created in step 2. Then choose Protocol > AWS Lambda. From Endpoint, select the Lambda function ARN you want to trigger through SNS.
  5. Press Create subscription.
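Once the subscription exists, SNS invokes the Lambda function with an event whose Records carry the notification. As an added example (not code from this page, from McAfee, or from the sample remediation scripts), the Python below is a handler skeleton that accepts only records from the expected Config Audit topic, decodes the notification message, and hands the result to remediation. The Lambda SNS event shape (Records, EventSource, Sns.TopicArn, Sns.Message) is the standard one; the Topic ARN, the EXPECTED_TOPIC_ARN environment variable, the function names and the message body keys ("policy", "resource") are assumptions, since the page does not document the incident payload.

```python
import json
import os

# Constructed placeholder; in a deployment set EXPECTED_TOPIC_ARN in the Lambda
# environment to the Topic ARN copied in Step 1.
EXPECTED_TOPIC_ARN = os.environ.get(
    "EXPECTED_TOPIC_ARN",
    "arn:aws:sns:us-east-1:123456789012:MVISION_Cloud_Config_Audit_Notifications",
)


def parse_sns_records(event: dict, expected_topic_arn: str = EXPECTED_TOPIC_ARN) -> dict:
    """Extract notifications from a Lambda SNS invocation event.

    Returns {"accepted": [...], "ignored": n}. A record is accepted only if it came
    from SNS and from the expected topic, so a function subscribed to several topics
    (or invoked with a hand-built event) does not act on the wrong input. The Message
    field is JSON-decoded when possible and kept as raw text otherwise.
    """
    accepted, ignored = [], 0
    for record in event.get("Records", []):
        sns = record.get("Sns", {})
        if record.get("EventSource") != "aws:sns" or sns.get("TopicArn") != expected_topic_arn:
            ignored += 1
            continue
        raw = sns.get("Message", "")
        try:
            body = json.loads(raw)
        except (TypeError, ValueError):
            body = raw
        accepted.append({
            "message_id": sns.get("MessageId"),
            "subject": sns.get("Subject"),
            "timestamp": sns.get("Timestamp"),
            "body": body,
        })
    return {"accepted": accepted, "ignored": ignored}


def lambda_handler(event, context):
    """Lambda entry point: parse the notifications and pass each to remediation."""
    result = parse_sns_records(event)
    for item in result["accepted"]:
        # The remediation action itself belongs here; the page's sample scripts
        # (Lambda Remediation Samples.zip) show what such actions look like.
        print("Config Audit incident received:", json.dumps(item))
    return {"handled": len(result["accepted"]), "ignored": result["ignored"]}


# Constructed sample event in the shape Lambda receives from an SNS subscription.
# The second record comes from a different topic and must be ignored.
SAMPLE_EVENT = {
    "Records": [
        {
            "EventSource": "aws:sns",
            "EventVersion": "1.0",
            "EventSubscriptionArn": EXPECTED_TOPIC_ARN + ":11111111-2222-3333-4444-555555555555",
            "Sns": {
                "Type": "Notification",
                "MessageId": "aaaaaaaa-0000-0000-0000-000000000001",
                "TopicArn": EXPECTED_TOPIC_ARN,
                "Subject": "Unencrypted S3 Buckets",
                # Placeholder body; the real MVISION Cloud payload is not documented here.
                "Message": json.dumps({"policy": "Unencrypted S3 Buckets", "resource": "example-bucket"}),
                "Timestamp": "2021-01-01T00:00:00.000Z",
            },
        },
        {
            "EventSource": "aws:sns",
            "EventVersion": "1.0",
            "EventSubscriptionArn": "arn:aws:sns:us-east-1:123456789012:OtherTopic:66666666-7777-8888-9999-000000000000",
            "Sns": {
                "Type": "Notification",
                "MessageId": "aaaaaaaa-0000-0000-0000-000000000002",
                "TopicArn": "arn:aws:sns:us-east-1:123456789012:OtherTopic",
                "Subject": "unrelated",
                "Message": "plain text",
                "Timestamp": "2021-01-01T00:00:01.000Z",
            },
        },
    ]
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```

Keeping the topic check in code, in addition to the IAM policy on the function, means a remediation that deletes or re-encrypts resources only runs for incidents the Config Audit policy actually raised.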

Sample Remediation Scripts

The following sample remediation scripts are provided as examples of what is possible with Lambda. See the enclosed spreadsheet for a description of each Lambda function and the associated JSON and IAM/SNS/Lambda naming standards.

Lambda Remediation Samples.zip
