With the release of Directory Insights™, JumpCloud® provided administrators with visibility into the everyday happenings of their cloud-based directory. Directory Insights is a premium JumpCloud feature that returns event logs and authentications across JumpCloud endpoints.
Now, we’ve released the to further empower JumpCloud administrators to expand the use and duration of their Directory Insights data. Using the power of , we’ve provided a quick and easy way for JumpCloud admins to deploy the infrastructure required to automatically collect and store their Directory Insights data within their own AWS account.
What Does the Serverless App Do?
Once you provide the application with your , how often you’d like your data to be collected (and an Organization ID for our MSP clients out there who use the Multi-Tenant Portal), you’ll be able to hit the “Deploy” button. After the application has been deployed, you can sit back and relax with the knowledge that AWS will put in all the heavy lifting by provisioning the required resources. At the end of the deployment process, you will have:
- A new S3 bucket to store all of your
- A new secret in AWS Secrets Manager to ensure your JumpCloud API key stays secure
- A new Lambda function, which runs exactly as often as you tell it, to gather your data
- A new role with just enough permission to tie everything together
The application will then run at your specified cadence, gather all of your Directory Insights data since the last time it ran (or since you hit “Deploy” if it is the first time), and package it up nice and neat before sending it to an S3 bucket for safe, long-term storage or for use by other products, such as a log management tool or SIEM. Below, we’ll talk a little bit more about a couple potential use cases for this serverless application.
Directory Insights Serverless Application Use Cases
1. Compliance & Auditing
A common requisite for many industry standards and procedures is access to logs for a time period greater than the 90 days that an admin is able to access their Directory Insights data in the JumpCloud Admin Portal. Once you’ve deployed this app in AWS, though, you no longer need to worry about regularly backing up your JumpCloud Directory Insights Data – it will all be waiting for you in an S3 bucket whenever you need it.
It wouldn’t be a very good “set-it-and-forget-it” solution if you had to check on it regularly to make sure it was doing its job. That’s why all of the runs of this application are logged in CloudWatch, so you can configure whatever sort of reporting you need and receive alerts whenever there’s an issue. We’ve also configured a custom CloudWatch metric to log every time the Lambda function triggers and there are no events to collect.
2. SIEMs
Another potential use case for the JumpCloud Directory Insights Serverless application would be to facilitate getting that data into a SIEM. Whether you simply want to aggregate all of your logs in one place or you want to configure reporting on the goings-on in your JumpCloud directory, this solution is a great option. The files stored in your S3 bucket are compressed into a JSON file containing all the data for the time period specified. Most SIEM suites should be able to ingest and interact with this sort of file, but each SIEM might handle it a little differently, so be sure to check out their documentation first. If your SIEM doesn’t accept this file type, don’t hesitate to let us know via a Feature Request through the , and we’ll consider adding other file types.
Maybe this tool doesn’t fulfill your exact needs, but you’re not quite sure where to start. In addition to providing this tool in AWS’ Serverless Application repository, we have also provided the and instructions for how to deploy your own Serverless application on our GitHub repository. If you do use this as a jumping off point and make something incredible, we’d love to hear about it!
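For the SIEM use case above, here is an added example (not JumpCloud's code) that normalises one exported file into newline-delimited JSON before ingestion. The page does not state the compression format or the file layout, so gzip, a top-level JSON array, and the event field names in the sample are assumptions.

```python
import gzip
import json

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of any gzip stream


def load_events(blob: bytes) -> list:
    """Return the event objects held in one exported file.

    Accepts gzip or plain bytes, and either a JSON array, a single
    JSON object, or newline-delimited JSON (all assumed layouts).
    """
    if blob[:2] == GZIP_MAGIC:
        blob = gzip.decompress(blob)
    text = blob.decode("utf-8").strip()
    if not text:
        return []  # a run that collected no events
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        # Not one document: treat each non-empty line as its own event.
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    return doc if isinstance(doc, list) else [doc]


def to_ndjson(events: list, source: str = "directory-insights") -> str:
    """Serialise events one per line, tagged with a source label."""
    lines = []
    for event in events:
        if not isinstance(event, dict):
            raise ValueError(f"unexpected event type: {type(event).__name__}")
        tagged = {"source": source, **event}
        lines.append(json.dumps(tagged, sort_keys=True, separators=(",", ":")))
    return "\n".join(lines)


# Constructed sample input; field names are hypothetical, not a real schema.
SAMPLE_EVENTS = [
    {"timestamp": "2021-01-01T00:00:00Z", "event_type": "login", "success": True},
    {"timestamp": "2021-01-01T00:05:00Z", "event_type": "login", "success": False},
]
SAMPLE_FILE = gzip.compress(json.dumps(SAMPLE_EVENTS).encode("utf-8"))

if __name__ == "__main__":
    print(to_ndjson(load_events(SAMPLE_FILE)))
```

In practice the bytes would come from an object downloaded from the S3 bucket the application created; check your SIEM's documentation for the line format it expects.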
Learn More
If you don’t yet have Directory Insights enabled for your organization, you can contact your Customer Success representative or get in touch. Click here to learn more about getting a 360° view of employee activity across every endpoint.