Validate AWS Installs

After connecting any of the cloud features on AWS, check in the Sysdig Secure UI to ensure the components are working as expected.

Log in to Sysdig Secure and check that each module you deployed is functioning. It may take 10 minutes or so for events to be collected and displayed.

Check Overall Connection Status

  • Data Sources: Select Integrations > Data Sources | Cloud Accounts to see all connected cloud accounts.

  • Subscription: Select Settings > Subscription to see an overview of your account activity, including cloud accounts.

  • Insights: Check that Insights have been added to your navigation bar. View activity on the Cloud Account, Cloud User, or Composite insight views.

Check CSPM

Check Inventory and filter for account =. Check for your AWS cloud account in the drop-down.

Check Threat Detection

  • Policies and Rules: Check Policies > Runtime Policies and confirm that the Sysdig AWS Threat Detection and Sysdig AWS Threat Intelligence managed policies are enabled.

    • These consist of the most-frequently-recommended rules for AWS and CloudTrail. You can customize them by creating a new policy of the AWS CloudTrail type.
  • Events: In the Events feed, filter for aws.accountid = and check for your cloud account.

  • Force an event: To manually create an event, choose one of the rules contained in an AWS policy and execute it in your AWS account.
    Example: Create an S3 bucket with Public Access Blocked, then make it public to prompt the event.
    Remember that new rules added to policies take time to propagate.
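
The "Force an event" step above, scripted with the AWS CLI as an added example (not part of the original Sysdig documentation). It assumes "make it public" means removing the bucket's public access block; the bucket name and region are constructed sample values, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/usr/bin/env bash
# Added example: force a CloudTrail-recorded S3 change in a test AWS account.
# Dry-run by default (prints the commands); set DRY_RUN=0 to execute them.
# BUCKET and REGION defaults are constructed sample values, not from the page.
DRY_RUN="${DRY_RUN:-1}"
REGION="${REGION:-us-east-1}"
BUCKET="${BUCKET:-sysdig-validate-example-bucket}"

# Run an AWS CLI command, or only print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "aws $*"
  else
    aws "$@"
  fi
}

# Accept only valid S3 bucket names (3-63 chars: lowercase, digits, dot, hyphen).
valid_bucket() {
  echo "$1" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$'
}

force_event() {
  bucket="$1"; region="$2"
  valid_bucket "$bucket" || { echo "invalid bucket name: $bucket" >&2; return 2; }
  # 1. Create an empty bucket (us-east-1 must not send a LocationConstraint).
  if [ "$region" = "us-east-1" ]; then
    run s3api create-bucket --bucket "$bucket" --region "$region"
  else
    run s3api create-bucket --bucket "$bucket" --region "$region" \
      --create-bucket-configuration "LocationConstraint=$region"
  fi || return 1
  # 2. Start from the "Public Access Blocked" state.
  run s3api put-public-access-block --bucket "$bucket" --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" || return 1
  # 3. Remove the block: this is the change that should surface as an event.
  run s3api delete-public-access-block --bucket "$bucket" || return 1
  # 4. Clean up so the empty test bucket does not stay unprotected.
  run s3api delete-bucket --bucket "$bucket" --region "$region"
}

force_event "$BUCKET" "$REGION"
```

Run it against a test account, then look for the resulting event in the Events feed, allowing for the collection delay mentioned at the top of this page.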

Check Identity and Access (CIEM)

Go to Home and check the status bar at the top right to see your cloud accounts.