MontyCloud DAY2TM can publish relevant audit events based on the user’s activity in your DAY2TM account to a preconfigured CloudTrail Lake in one of your AWS Accounts.
Steps to enable the DAY2TM CloudTrail Lake connector:
To enable the integration, follow the steps below:
1. Login to your MontyCloud DAY2TM account as a Cloud Admin and navigate to Settings --> Connectors.
Figure 1 – List of DAY2TM Connectors
2. From the list of available connectors, select CloudTrail Lake connector.
3. Once the connector view opens, select Connect New button to create a new connection.
Figure 2 – CloudTrail Lake connector view
4. In the new connection screen, provide Name and Description (optional) for your connector. Name acts as a title for this connector and is used to select it in other supported screens.
Figure 3 – New CloudTrail Lake connection details
5. Copy the External ID displayed in the above screen. This will be required at later stage.
Figure 4 – External ID for the integration
You will need the Integration Channel ARN from your AWS account before you can save this connection. Please follow the below steps to obtain the Integration Channel ARN.
6. Login to your AWS Account that you want to use to log the audit events from DAY2TM.
7. Navigate to CloudTrail Lake integrations.
8. Select Available Sources tab.
9. Search for “MontyCloud” (partner)
Figure 5 – AWS CloudTrail Like Integrations view
10. Select Add Integration in the MontyCloud DAY2TM integration card.
11. In the Add Integrationview, do the following:
- Provide a Channel name and ensure the Source is selected as MontyCloud.
Figure 6 – Add Integration view
b.
b. Select Create new event data store as the Delivery Location . Provide an Event data store name, this is just a title for this integration. Select Retention Period as per your organization’s policy.
Figure 7 – Event Delivery details (Add Integration view)
c. In the Resource policy section, provide the External ID copied from the DAY2TM, in Step 5, in the External ID field.
Figure 8 – Resource Policy details (Add Integration view)
d. Add Tags (optional)
Figure 9 - Tags
12. Click Add Integration button to save the changes and create an integration channel.
Figure 11 - Add integration
13. Once the changes are saved, you will see the channel details as below.
Figure 12 - Channel ARN link
14. Copy the integration Channel ARN from the above view.
15. Switch back to the DAY2TM application, Connect New AWS CloudTrail Lake view and paste the copied Channel ARN I the Integration Channel ARN field.
Figure 13 - Channel ARN link
16. Save the configuration by selecting “Connect Now” button on the above page.
Figure 14 - Save Configuration
Here is how we can access these events from AWS console:
You can query the DAY2 TM published events from the CloudTrail Lake just like any other events using SQL-based queries. Below are some of the examples that can be used to query DAY2 TM audits events today:
- Go to the AWS CloudTrail Lake service in your AWS account.
- Choose the event data store you created or used while creating the integration channel.
- Run Query
Note: The event data store ID can be selected from the left side panel as shown in the above image.
Example 1
Select all events from the event store.
Query: SELECT * FROM {event-store-id}
Example 2:
To query a specific type of event published by DAY2TM, please provide a filter on the event name. The following example lists all events from DAY2TM which are related to DAY2TM Task completion in chronological order.
Query:
SELECT eventData.eventname , eventData FROM {event-store-id} WHERE eventData.eventname = 'jobSucceeded' ORDER BY eventTime DESC
Example 3:
To query all the event names with the time it was published.
Query: SELECT eventTime, eventData.eventname FROM {event-store-id}
For more examples, please refer to the AWS CloudTrail Lake query documentation.