🌙
 

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

S3 Event Archiving

cloud integrations amazon aws s3


The S3 Event Archiving feature allows you to copy event data from the Secureworks® Taegis™ XDR AWS S3 datastore to another datastore located in the same AWS region as the Taegis™ datastore. This is supported in all Taegis instances; our US1 and US2 instances map to the AWS us-east-2 region, and the EU instance maps to the AWS eu-central-1 region. This feature is enabled or disabled on a per-tenant basis, described below. Note that there are some requirements and constraints for feature enablement as follows.

Requirements and Constraints

Enable S3 Event Archiving

To enable S3 Event Archiving for your tenant, as an Administrator, follow these steps:

  1. From Integrations in the left navigation menu, choose Cloud APIs and then select Add API Integration.
  2. Select Set Up AWS Integrations.

Access S3 Event Archiving

Access S3 Event Archiving

  1. From the S3 Event Archiving section, select Setup.
  2. Follow the embedded instructions on the Set up S3 Event Archiving page to complete the enablement process. This requires setting up an AWS S3 bucket within the same Secureworks® Taegis™ XDR S3 bucket region (at this time, us-east-2 and eu-central-1) and creating an IAM role that provides permission for Secureworks® Taegis™ XDR to copy the files into the S3 bucket. Once registration is complete, event archiving starts in approximately 15-20 minutes, after which the files are available in your S3 bucket.

Important

Copies are only permitted within the same region as the Secureworks® Taegis™ XDR instance housing the event data; at this time, us-east-2 (US1 and US2 instances) and eu-central-1 (EU instance) regions are supported.

Enable S3 Event Archiving

Enable S3 Event Archiving

 

On this page: