Views:

Review required and recommended configuration settings for utilizing the XDR for Cloud - AWS VPC Flow Logs feature.

Before enabling the AWS VPC Flow Logs feature and deploying the stack template, review the following recommendations and requirements for the feature:
  • XDR for Cloud only supports VPC Flow Logs version 5 or later. The feature is designed to ingest all available logs, however, Trend Vision One XDR only supports complete detection capabilities for VPC Flogs Logs version 5 or later.
  • This feature only supports using a destination S3 bucket that is in the same region as the VPC flow log source.
    For example, if the VPC flow log source is in us-east-2, the S3 bucket must also be located in us-east-2.
  • This feature only supports server-side encryption with Amazon S3 managed keys (SSE-S3). This feature does not support any other encryption method.
  • Trend Micro recommends using a 10-minute aggregation interval to help reduce lambda invocations and lower the cost impact of the feature.
  • Trend Micro recommends using text format for your VPC flow logs to reduce lambda execution time and lower to cost impact of the feature.