EagleEye – Live Monitoring Setup

EagleEye is a robust security monitoring capability that shields your cloud infrastructure from security threats and compliance risks with real-time continuous monitoring and threat alerts. EagleEye helps you achieve data loss prevention, threat monitoring, and compliance management, and track security risks across your AWS (Amazon Web Services) environment. (Coming soon for MS Azure & Google Cloud.)

EagleEye Flowchart

Note: EagleEye now also supports EC2 alerts, but the changes made in EC2 must be within the same region where the stack has been deployed. We have also added an SQS queue to the EagleEye stack so that all the events generated within a time frame are filtered and users are notified only of relevant critical alerts.

To enable Live Monitoring (EagleEye):

1. Click on Cloud Accounts in your Cloudnosys Dashboard.

2. Navigate to the account in which you want to enable live monitoring and click the Disabled button.

3. This takes you to the **Real-Time Threats Alert** screen.

4. The very first step in enabling Live Monitoring is to create two IAM roles: the Administrator Role and the Execution Role.

5. Click on the Administrator Role button; the file starts downloading automatically.

6. Log in to your AWS console at https://console.aws.amazon.com

7. Type “CloudFormation” in the search bar.

8. Click on the Create stack button; the ‘Create Stack’ screen appears.

9. Click on the Choose File button and attach the recently downloaded administrator policy. Click Next.

10. In the next screen that appears, specify a name for your stack and click Next.

11. Click the Next button on the Configure Stack Options screen.

12. In the review screen, click on the checkbox under the capabilities heading and click Create Stack.

13. After the successful creation of your administrator stack, move to your Cloudnosys tab and click on the Execution Role button to download the execution policy & click Next.

14. Navigate to the AWS console and click on the Create stack button to create a stack for the execution role.

15. Click on the Choose File button, select the recently downloaded execution policy, and click Next.

16. Specify a name and account ID for your stack in the next screen and click Next.

17. Click the Next button on the Configure Stack Options screen.

18. In the review screen, click on the checkbox under the Capabilities section and click the Create stack button.

19. Move to your Cloudnosys dashboard and click on Next.

20. In the next screen on the Cloudnosys dashboard, click on Download Template.

21. Now navigate to your AWS Console and click on CloudFormation. A drop-down menu appears; select Stack sets.

22. Click on the Create stack button.

23. Click on the checkbox “upload Amazon S3 template”. Click on the Browse button to attach the template you just downloaded from the Cloudnosys dashboard, then click Next.

24. Specify StackSet details and click Next.

25. Click the Next button on the Configure Stacks Options screen. In “Set Deployment Options”, enter a valid account ID.

Note: Enter the Target Account ID if you are creating the role for another account; otherwise, enter your own Account ID.

26. Select your desired Region from the drop-down and click Add.

27. Click Next on the Options screen.

28. In the review screen, click on the checkbox under the capabilities heading and click the Submit button.

29. After the StackSet is created successfully, return to the “Create StackSet” screen on your Cloudnosys dashboard. Here you can select the time interval for generating alerts.

30. Select an interval, click Next, and then click Done on the finish screen.

31. Go to the Cloud Accounts screen on your Cloudnosys dashboard. The status of live monitoring changes to Pending and, after a few minutes (the time depends on the regions selected), to Enabled.

32. Once EagleEye is Enabled, you will receive notifications of any modifications in the cloud infrastructure!

33. You can now choose between two new options when checking the Disable boxes, as shown below:

  • Disable Temporarily: Pauses real-time alerts; the feature can be resumed just by clicking on the Enable button.
  • Disable Permanently: Completely stops alerts from being generated. To turn alerts back on, the user has to delete the stack, follow the initial steps to deploy it again, and then enable the EagleEye feature.
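
Steps 12, 18 and 28 tick CloudFormation's capabilities checkbox, which acknowledges that the uploaded template may create IAM resources. The following added example (not Cloudnosys or AWS code) reads a downloaded template before upload and reports each IAM role it declares, who may assume it, its managed policies and any wildcard actions. It assumes the template is JSON; the sample template, account ID 111122223333 and function names are constructed for illustration.

```python
import json

# Constructed sample template (not the Cloudnosys file): a role that trusts
# another account, attaches a managed policy and has a wildcard inline policy.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ExecutionRole": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]},
        "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
        "Policies": [{"PolicyName": "inline", "PolicyDocument": {"Statement": {
            "Effect": "Allow", "Action": ["sqs:*", "events:PutRule"],
            "Resource": "*"}}}]}},
    "AlertQueue": {"Type": "AWS::SQS::Queue"},
}})

def as_list(value):
    """IAM policy fields may hold one item or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_template(text):
    """Summarise every AWS::IAM::Role declared in a JSON template."""
    findings = []
    for name, res in json.loads(text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trusted, wildcard = [], []
        trust = props.get("AssumeRolePolicyDocument", {})
        for stmt in as_list(trust.get("Statement")):
            principal = stmt.get("Principal", {})
            if isinstance(principal, str):  # bare "*" principal
                principal = {"Any": principal}
            for kind, who in principal.items():
                trusted += [f"{kind}:{w}" for w in as_list(who)]
        for pol in as_list(props.get("Policies")):
            for stmt in as_list(pol.get("PolicyDocument", {}).get("Statement")):
                if stmt.get("Effect") == "Allow":
                    wildcard += [a for a in as_list(stmt.get("Action"))
                                 if isinstance(a, str) and "*" in a]
        findings.append({"role": name, "trusted": trusted,
                         "managed": as_list(props.get("ManagedPolicyArns")),
                         "wildcard_actions": wildcard})
    return findings

if __name__ == "__main__":
    for finding in review_template(SAMPLE_TEMPLATE):
        print(finding)
```

Compare the reported trusted principals with the account ID you enter in steps 16 and 25, and question any role whose managed policies or wildcard actions go beyond what monitoring needs.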