Validate AWS Installs
Log in to Sysdig Secure and check that each module you deployed is functioning. It may take 10 minutes or so for events to be collected and displayed.
Check Overall Connection Status
Data Sources: Select Select
Integrations > Data Sources | Cloud Accountsto see all connected cloud accounts.
Settings > Subscriptionto see an overview of your account activity, including cloud accounts.
Insights: Check that Insights have been added to your navigation bar. View activity on the Cloud Account, Cloud User, or Composite insight views.
Check Inventory and filter for
account =. Check for your AWS cloud account in the drop-down.
Check Threat Detection
Policies and Rules: Check
Policies > Runtime Policiesand confirm that the
Sysdig AWS Threat Detectionand
Sysdig AWS Threat Intelligencemanaged policies are enabled.
- These consist of the most-frequently-recommended rules for AWS and CloudTrail. You can customize them by creating a new policy of the AWS CloudTrail type.
Events: In the Events feed, filter for
aws.accountid =and check for your cloud account.
Force an event: To manually create an event, choose one of the rules contained an AWS policy and execute it in your AWS account.
ex.: Create a S3 Bucket with Public Access Blocked. Make it public to prompt the event.
Remember that new rules added to policies require time to propagate the changes.
Check Identity and Access (CIEM)
Go to Home and check the status bar at the top right to see your cloud accounts.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.