Dome9 SNS Events Integration - How to


    This ‘how-to’ article explains, step by step, how to connect your Dome9 events feed to an AWS SNS (Simple Notification Service) topic under your control.

    An intro post can be found here.

    In order to follow this tutorial you’ll need to have access to both AWS and Dome9 consoles.

    Let's start.

    1. Log into your Dome9 Console and go to the account settings page (top right). Click 'Enable'.

    2. Now log into any AWS account under your control (it does not need to be connected to Dome9) and open the Simple Notification Service (SNS) console.

    3. On the SNS Dashboard, create a topic with a unique name and a short descriptive name, then click Create topic.

    4. Under "Other topic actions", click Edit topic policy.

    5. Allow Dome9 to publish events into this topic by allowing this AWS user: 634729597623. Click ‘Update Policy’.

    6. Copy your topic ARN

    7. Paste the ARN into the Dome9 popup and save. The Dome9 system will validate that it can push notifications into the topic.

    8. That’s it - you should see a success message and your integration marked as ‘enabled’.

    Example

    In this example there is a failed logon from a user:

    {
      "Type" : "Notification",
      "MessageId" : "6a8f019c-f0de-5c4e-a575-5053bd6c6c5a",
      "TopicArn" : "The Topic ARN defined",
      "Subject" : "Failed logon",
      "Message" : "EventType=UserLogOnFailureEvent, FriendlyType=Failed logon, Timestamp=2017-06-29T18:48:17Z, UserId=50462, UserName=User@dome9.com, IPAddr=79.180.119.138",
      "Timestamp" : "2017-06-29T18:48:18.101Z",
      "SignatureVersion" : "1",
      "Signature" : "c/F4hZt0rUYXzeblsuSgYVq8rxTSTF+lmdfVtylCWmHbM8sZE2y0L75Vd7OQ6gMEQ+hYzJ5QQ+kb7U/G/xRw8tK2euxM5XxvO6v7nOqnkl4ecv/CeGf39j2M/6llMEjAiGAbeU8XsY44Nhsyg+TL+LhEGPC/nvcb4IwYpDVv8JnfUfgjRTTuxcE+QFMIpd9LjIKoRFCCjBmGj3m/dGy12T86VViLWO+wzYH92JdEQDuTdiO4DewGQ7U0o5l9NBmL4JUIAzLGAI6wc8CCIy2cyvumXNE0+Iq05x4NCKr8qAtLHtnQ5BkcseWBeqzM3yqQ9YOmlVVDQ+xTPJRs5QJ+Bg==",
      "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-b95095beb82e8f6a046b3aafc7f4149a.pem",
      "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:XXXXXXXXXXXXX"
    }
    
    

    Receiving SNS messages

    These SNS messages can be consumed in different ways. This will be presented in future posts.

    You can read more at: http://aws.amazon.com/sns/faqs/#transports
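
    One way to consume a notification like the example above, as an added example that is not Dome9's or AWS's own code: it checks the envelope's Type, TopicArn and SigningCertURL host, then splits the Key=Value Message into fields. The sample message, the placeholder topic ARN, the function names and the assumption that values contain no ", " are constructed here; verifying the Signature against the fetched certificate still has to follow and is not shown.

```python
import json
import re
from urllib.parse import urlparse

TOPIC = "arn:aws:sns:us-west-2:111122223333:dome9-events"  # placeholder ARN (constructed)

# Constructed sample, modelled on the notification shown above (Signature omitted).
SAMPLE = json.dumps({
    "Type": "Notification",
    "TopicArn": TOPIC,
    "Message": "EventType=UserLogOnFailureEvent, FriendlyType=Failed logon, "
               "Timestamp=2017-06-29T18:48:17Z, UserId=50462, "
               "UserName=User@dome9.com, IPAddr=79.180.119.138",
    "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-example.pem",
})

# Assumption: the certificate is served over HTTPS from a regional SNS endpoint.
SNS_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")

def cert_url_is_sns(url):
    """Pre-check before fetching the signing certificate; not a signature check."""
    parsed = urlparse(url)
    return (parsed.scheme == "https" and parsed.hostname is not None
            and SNS_HOST.fullmatch(parsed.hostname) is not None
            and parsed.path.endswith(".pem"))

def parse_event(message):
    """Split 'Key=Value, Key=Value' into a dict (assumes values contain no ', ')."""
    fields = {}
    for part in message.split(", "):
        key, sep, value = part.partition("=")  # first '=' only, values may contain '='
        if not sep or not key:
            raise ValueError(f"malformed field: {part!r}")
        fields[key.strip()] = value.strip()
    return fields

def handle_notification(raw, expected_topic_arn):
    """Return the parsed event, or raise if the envelope should not be trusted."""
    envelope = json.loads(raw)
    if envelope.get("Type") != "Notification":
        raise ValueError("not a Notification message")
    if envelope.get("TopicArn") != expected_topic_arn:
        raise ValueError("unexpected TopicArn")
    if not cert_url_is_sns(envelope.get("SigningCertURL", "")):
        raise ValueError("SigningCertURL is not an SNS endpoint")
    return parse_event(envelope["Message"])

if __name__ == "__main__":
    event = handle_notification(SAMPLE, TOPIC)
    print(event["EventType"], event["UserName"], event["IPAddr"])
```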

    How to create an SNS Subscription

    After you create an SNS topic, you must add subscriptions to deliver the information to any required endpoints.

    1. To add subscriptions, click the SNS topic in the AWS console.

    2. Under Subscriptions click on Create subscription.

    3. Choose the required protocol type.

    4. For example, Email.

      Notice that the subscription ID is Pending Confirmation, the protocol is email and the endpoint is the given email address.

    5. Check your email for a message from "AWS Notification - Subscription Confirmation". In the email, click the Confirm subscription link.

      The subscription is confirmed.

      After the confirmation you will see that the subscription ID now has a value.

    Note

    No SNS messages will be sent to a subscription that is not yet confirmed.
