AlienVault® USM Anywhere™

Set Up an Amazon SNS Topic

When using Amazon Simple Notification Service (SNS), you create a topic and control access to it by defining policies that determine which publishers and subscribers can communicate with the topic. As a publisher, USM Anywhere can then send messages (notifications) to topics for which it has the needed credentials (access key).

According to the Amazon Web Services (AWS) Documentation, when an Amazon SNS topic has an AWS Lambda function subscribed to it, it invokes the AWS Lambda function with the payload of a published message. The AWS Lambda function receives the message as an input parameter. It can manipulate the information in the message, publish the message to other Amazon SNS topics, or send the message to other AWS services.

To set up an Amazon SNS topic for USM Anywhere notifications

  1. Log in to your AWS account and go to the Amazon SNS console.
  2. Create a new Amazon SNS topic in the AWS SNS dashboard page:

    • Click Topics.
    • Click Create topic.
    • Enter a topic name and a display name.
    • Click Create topic.

To create an AWS Lambda function for USM Anywhere notifications

  1. Open the AWS Lambda page and click Create a function.
  2. Click Author from scratch.
  3. Create a new AWS Lambda function:

    • Enter a name.
    • In the Runtime menu, select the current version of Python.
    • In the Execution Role section, create a new role with basic AWS Lambda permissions, use an existing role, or create a new role from AWS policy templates.

    • Click Create Function.

  4. Assign it to the Amazon SNS topic:
    • Click Add Trigger.
    • Select SNS from the list.
    • Enter the Amazon Resource Name (ARN) of the Amazon SNS topic you created.
    • Select Enable Trigger.
    • Click Add.
  5. Select the AWS Lambda function:

    • Enter the following code to send the populated fields from an alarm or event in USM Anywhere:

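      import json

      def lambda_handler(event, context):
          # The SNS message body arrives as a JSON string in the first record
          message = json.loads(event['Records'][0]['Sns']['Message'])

          # Write the decoded alarm or event fields to the function's log output
          print("JSON: " + json.dumps(message))

          return message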

      Note: AT&T Cybersecurity cannot provide a list of fields specific to Amazon SNS because the list varies depending on each data source.

    • Under Basic settings, set Timeout to 10 seconds.
    • Click Save.
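
A more defensive variant of the handler in step 5, added here as an example (not AT&T Cybersecurity's code): it processes every record in the event, accepts only records delivered from the expected topic, and tolerates message bodies that are not JSON. The topic ARN and the field name inside the sample message are constructed placeholders.

```python
import json

# Assumption: placeholder ARN; replace with the ARN of the topic you created.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:usm-anywhere-notifications"

def parse_records(event, expected_arn=EXPECTED_TOPIC_ARN):
    """Split an SNS-triggered Lambda event into accepted bodies and rejections."""
    accepted, rejected = [], []
    for record in event.get("Records", []):
        sns = record.get("Sns") or {}
        msg_id = sns.get("MessageId", "unknown")
        # Accept only records delivered by SNS from the expected topic.
        if record.get("EventSource") != "aws:sns" or sns.get("TopicArn") != expected_arn:
            rejected.append({"id": msg_id, "reason": "unexpected source"})
            continue
        try:
            body = json.loads(sns.get("Message"))
        except (TypeError, ValueError):  # missing body or not valid JSON
            rejected.append({"id": msg_id, "reason": "message is not JSON"})
            continue
        if not isinstance(body, dict):  # valid JSON but not a set of fields
            rejected.append({"id": msg_id, "reason": "message is not an object"})
            continue
        accepted.append(body)
    return accepted, rejected

def lambda_handler(event, context):
    accepted, rejected = parse_records(event)
    for body in accepted:
        print("JSON: " + json.dumps(body))
    for item in rejected:
        print("REJECTED: " + json.dumps(item))
    return {"accepted": len(accepted), "rejected": len(rejected)}

# Constructed sample event (the field name inside Message is made up).
def make_record(msg_id, topic_arn, message):
    return {"EventSource": "aws:sns",
            "Sns": {"MessageId": msg_id, "TopicArn": topic_arn, "Message": message}}

SAMPLE_EVENT = {"Records": [
    make_record("m-1", EXPECTED_TOPIC_ARN, json.dumps({"alarm_name": "constructed example"})),
    make_record("m-2", "arn:aws:sns:us-east-1:123456789012:other-topic", "{}"),
    make_record("m-3", EXPECTED_TOPIC_ARN, "plain text, not JSON"),
]}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```
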

Next...

If not done already, you need to create an access key in AWS for USM Anywhere to communicate with the AWS APIs.