search
Ctrlk

Get Started

Welcome to the DataDefender portal! Assuming you are already logged in to the DataDefender solution, all you need to get started is to link AWS accounts for us to ingest.

If you have not yet subscribed to DataDefender, please do so by following the instructions at Subscribing to DataDefender.

hashtag
Linking Accounts

To get started, you will deploy our CloudFormation stack into the first AWS account which you would like to us to ingest data from, confirm the stack creation in DataDefender, and we'll begin ingesting data. You can link as many AWS accounts as you would like using the following method.

Linking an Account is a 4-5 step process. This page will detail how to complete each step.

  • Initiate Deployment from DataDefender

  • Configure and deploy CloudFormation stack from AWS

  • Add SQS Permissions and set up Event Notification (If using Activity Monitor)

  • Link the stack to DataDefender

  • Confirm Deployment

hashtag
1. Initiate Deployment from DataDefender

In order to do this, navigate to Settings > Linked Accounts and click the "Link New Account" button.

The following form will assist in linking an AWS Account.

hashtag
Account Details

  • Enter the Account ID of your AWS account.

    1. To find your account id, sign in to the AWS Management Console, click your account name in the top-right corner. Your 12-digit Account ID will display within this dropdown.

  • Optionally, add an Account Name.

    1. We recommend you add the friendly name of your account, but this can be whatever you would like that will help you identify this account later.

    2. This name can be changed at any time if you’d like.

hashtag
Inventory Selection

  • Select the AWS Services that you would like us to collect and protect.

    1. Selecting a service will ensure the required permissions are deployed by the CloudFormation stack for us to retrieve its data. These permissions can be modified at any time.

    2. Selecting 'Security Checks' allows us to run configuration checks against your account to identify misconfigurations and compare your account against data security best practices.

hashtag
File Scanning

  • File Scanning allows DataDefender to scan and classify your data to find sensitive files. DataDefender will be granted ECS deployment permissions into select regions. Data scanned will never leave the region where it resides in.

hashtag
Activity Monitoring

  • Activity Monitoring allows DataDefender to ingest CloudTrail and/or S3 Server Access Logs. For each type of activity monitor (CloudTrail, S3 Server Access Logs) we require one S3 bucket already set up with logs directed into them for the Application to ingest logs. DataDefender uses this information in its Monitoring and File Access Report features. Please refer to the Configuring CloudTrail Log Bucket and Configuring Server Access Log Bucket sections for more details.

  • Copy the full S3 bucket ARN for your desired log repository buckets and paste into the appropriate field.

hashtag
2. Configure and deploy CloudFormation stack in AWS

Select 'Launch CloudFormation'. It will bring you to an AWS Login where you will need to sign in to the account where you wish to deploy our stack.

Once signed in, you'll be brought to CloudFormation's 'Quick create stack' menu.

CSS CloudFormation Stack

Linked Account Stack Parameters

Currently, we have 13 parameters that you can configure to deploy our stack. Most settings are already created from the form from the previous step. Here is each parameter and its function:

Parameter
Function
Example Values

Stack Name

What your stack will be named

my-stack

ActivityMonitoringCloudTrailQueueName

Optional; name to give the created Activity Monitoring SQS queue.

datadefender-activity-monitoring-ct

ActivityMonitoringCloudTrailS3BucketArn

The ARN of the S3 bucket that CloudTrail events are logged to.

arn:aws:s3:::example

ActivityMonitoringS3ServerAccessLogsBucketArn

The ARN of the S3 bucket that S3 server access logs are logged to.

arn:aws:s3:::example

ActivityMonitoringS3ServerAccessLogsQueueName

Optional; name to give the created Activity Monitoring S3 Server Access Logs SQS queue.

datadefender-activity-monitoring-sal

ConnectionManagementType

Whether the connection is self-managed or is a manager of other connections.

Self, Managed

EnableActivityMonitoringCloudTrailFeatureSet

Pick Yes if you would like to enable the activity monitoring feature set for a CloudTrail event source.

Yes, No

EnableActivityMonitoringS3ServerAccessLogsFeatureSet

Pick Yes if you would like to enable the activity monitoring feature set for a S3 Server Access Logs event source.

Yes, No

EnableEBSInventoryFeatureSet

Pick Yes if you would like to enable the EBS Inventory feature set.

Yes, No

EnableFileSystemsInventoryFeatureSet

Pick Yes if you would like to enable the File Systems Inventory feature set.

Yes, No

EnableS3InventoryFeatureSet

Pick Yes if you would like to enable the S3 Inventory feature set.

Yes, No

EnableSecurityChecksFeatureSet

Pick Yes if you would like to enable the security checks feature set.

Yes, No

IamRoleNameSuffix

Optional; suffix to include in the created IAM role. May be required if there are IAM role name conflicts.

CloudStorageSec

IdentityProviderUrl

The URL of the Cloud Storage Security identity provider to verify the identity when assuming the role. Do not include https:// in the URL. This does not have to be modified.

auth.datadefender.io/realms/datadefender

After you are satisfied with your parameters, select 'I acknowledge that AWS CloudFormation might create IAM resources with custom names.' and deploy the stack.

hashtag
3. Set up Event Notification

circle-info

This section only applies if you are using the Server Access Logs or CloudTrail functionality.

hashtag
Event Notification

For each type of bucket you've set up (Server Access Logs bucket, CloudTrail bucket):

Go to the S3 Bucket that the SQS Queue corresponds to and navigate to Properties. Under 'Event Notifications', click 'Create Event Notification'.

In the settings:

  1. Set an Event name of your choosing.

  2. Ensure that 'All object create events' are checked.

  3. Set destination as SQS queue, and specify the corresponding SQS queue that was created.

  4. Select 'Save changes'.

hashtag
4. Link the Stack to DataDefender

Go to the deployed CloudFormation stack and open the Outputs tab. You should see three outputs if you are using both the Activity Monitoring and Server Access Logs features. Otherwise, you'll just see one output.

  • For all deployments, copy the ARN of the Cross-Account IAM Role.

  • If you also enabled Activity Monitoring – S3 Server Access Logs and Activity Monitoring – CloudTrail Feature Set, copy the values of the respective queues as well.

Cross-Account Role ARN

Now, return to the DataDefender portal and complete the following steps:

  1. Leave the CloudFormation stack name and region as they appear (these are the stack name and region used in the previous deployment).

  2. Paste the Cross-Account IAM Role ARN into the AWS Role ARN field.

If you enabled Activity Monitoring with CloudTrail or S3 Access Logging, complete Configure Activity Monitoring. (Otherwise, disable both CloudTrail and S3 Server Access Logs checkboxes and skip this step.)

  • Paste the CloudTrail Queue value from the Outputs into the CloudTrail queue name field, and select the region where the queue resides.

  • Paste the S3 Access Logging Queue value from the Outputs into the S3 queue name field, and select the region where the queue resides.

Click 'Complete Setup' to finalize your account linkage.

hashtag
5. Confirm Deployment

Your stack should now be linked. Verify in the 'Linked Accounts' section for the green check symbol under 'Credential Status' alongside your alias.

hashtag
Using the Product

Now that you have data flowing into your account, you are free to start using DataDefender! For explanations of the DataDefender Portal, head on over to the Portal Overview page.

NextSubscribing to DataDefender

Last updated