EagleEye – Live Monitoring Setup

EagleEye is a robust security monitoring capability that shields your cloud infrastructure from security threats and compliance risks with real-time continuous monitoring and threat alerts. EagleEye helps you achieve data loss prevention, threat monitoring, and compliance management, and track security risks across AWS (Amazon Web Services). (Coming soon for MS Azure and Google Cloud.)

EagleEye Flowchart

Note: EagleEye now supports EC2 alerts too, provided the changes in EC2 are made within the same region where the stack has been deployed. We have also added an SQS queue to the EagleEye stack so that all the events generated within a time frame are filtered and only relevant critical alerts are sent to users.

To enable Live Monitoring (EagleEye):

1. Click on Cloud Accounts in your Cloudnosys Dashboard.

2. Navigate to the account in which you want to enable live monitoring and click the Disabled button.

3. This takes you to the **Real Time Threats Alert** screen.

4. The first step in enabling Live Monitoring is to create two IAM roles: the Administrator Role and the Execution Role.

5. Click the Administrator Role button; the file starts downloading automatically.

6. Log in to your AWS console using the URL https://console.aws.amazon.com
7. Type “CloudFormation” in the search bar.

8. Click the Create stack button; the ‘Create Stack’ screen appears.
9. Click the Choose File button and attach the recently downloaded administrator policy. Click Next.

10. On the next screen, specify a name for your stack and click Next.

11. Click the Next button on the Configure Stack Options screen.

12. On the review screen, click the checkbox under the Capabilities heading and click Create Stack.

13. After the successful creation of your administrator stack, move to your Cloudnosys tab and click on the Execution Role button to download the execution policy.

14. Navigate to AWS console and click on the Create stack button to create a stack for the execution role.

15. Click on the Choose File button, select the recently downloaded execution policy, and click Next.

16. Specify a name and account ID for your stack on the next screen and click Next.

17. Click the Next button on the Configure Stack Options screen.

18. In the review screen, click on the checkbox under the Capabilities section and click the Create stack button.

19. Move to your Cloudnosys dashboard and click on Next.

20. On the next screen of the Cloudnosys dashboard, click on Download Template.

21. Now navigate to your AWS Console and click on CloudFormation; a drop-down menu appears. Select Stack sets.

22. Click on the Create stack button.

23. Click on the checkbox “upload Amazon S3 template”. Click the Browse button to attach the template (the one you just downloaded from the Cloudnosys dashboard), then click Next.

24. Specify StackSet details and click Next.

25. Click the Next button on the Configure Stack Options screen. In “Set Deployment Options”, enter a valid account ID.

Note: Enter the Target Account ID if you are creating the role for another account; otherwise, enter your own Account ID.

26. Select your desired Region from the drop-down and click Add.

27. Click Next on the Options screen.

28. On the review screen, click the checkbox under the Capabilities heading and click the Submit button.

29. After success, move to your Cloudnosys dashboard tab and click Next on the Create Stack set screen.

30. Click Done on the finish screen.

31. Go to your Cloud Accounts screen on the Cloudnosys dashboard. The status of live monitoring changes to Pending and, after a few minutes (the time depends on the regions selected), to Enabled.

32. Once EagleEye is Enabled, you will receive notifications of any modifications in the cloud infrastructure.

33. You can now choose between two new options when checking the Disable boxes, as shown below:

  • Disable Temporarily: This pauses real-time alerts; the feature can be resumed by clicking the enable button.
  • Disable Permanently: This completely stops alerts from being generated. To re-enable the EagleEye feature afterwards, the user has to delete the stack and follow the initial steps to deploy it again.
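
The Capabilities checkbox in steps 12, 18 and 28 acknowledges that CloudFormation may create IAM resources, so it is worth reading each downloaded template before ticking it. The script below is an added example, not Cloudnosys code: it lists every IAM role a template would create, who may assume it, and whether it carries wildcard or administrator permissions. It assumes a JSON-format template; the sample template, its role name and its parameter name are constructed for illustration.

```python
import json

# Constructed sample template (not a Cloudnosys file), JSON format assumed.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ExecutionRole": {                       # hypothetical role name
        "Type": "AWS::IAM::Role",
        "Properties": {
            "AssumeRolePolicyDocument": {"Statement": [{
                "Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": {"Ref": "AdministratorAccountId"}}}]},
            "ManagedPolicyArns": ["arn:aws:iam::aws:policy/AdministratorAccess"],
            "Policies": [{"PolicyName": "inline", "PolicyDocument": {
                "Statement": {"Effect": "Allow", "Resource": "*",
                              "Action": ["sqs:*", "logs:PutLogEvents"]}}}],
        },
    },
    "AlertQueue": {"Type": "AWS::SQS::Queue"},
}})

def as_list(value):  # IAM policy fields may be a single value or a list
    return value if isinstance(value, list) else [] if value is None else [value]

def review_template(text):
    """Summarise every AWS::IAM::Role that a template would create."""
    findings = []
    for name, res in json.loads(text).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {}).get("Statement")
        trusted, wildcards = [], []
        for stmt in as_list(trust):          # who may assume the role
            principal = stmt.get("Principal", {})
            values = [principal] if isinstance(principal, str) else principal.values()
            for v in values:                 # unresolved intrinsics kept as JSON text
                trusted += [p if isinstance(p, str) else json.dumps(p) for p in as_list(v)]
        for policy in as_list(props.get("Policies")):   # inline policies
            for stmt in as_list(policy.get("PolicyDocument", {}).get("Statement")):
                if stmt.get("Effect") == "Allow":
                    wildcards += [a for a in as_list(stmt.get("Action"))
                                  if isinstance(a, str) and "*" in a]
        managed = [a for a in as_list(props.get("ManagedPolicyArns")) if isinstance(a, str)]
        findings.append({"role": name, "trusted": trusted, "wildcard_actions": wildcards,
                         "admin_access": any(a.endswith("/AdministratorAccess") for a in managed)})
    return findings

if __name__ == "__main__":
    for finding in review_template(SAMPLE_TEMPLATE):
        print(finding)
```

A YAML template that uses short-form intrinsics such as `!Ref` needs a CloudFormation-aware loader before this check can read it.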