falcon-integration-gateway

AWS Backend

Integration with AWS Security Hub.

Single Falcon Integration Gateway can be used to send reports from all AWS regions to single AWS Security Hub region.

[!NOTE] Currently, this backend only supports sending detection events that originate from AWS to Security Hub.

Example Configuration file

config/config.ini configures Falcon Integration Gateway. Below is a minimal configuration example for AWS:

[main]
# Cloud backends that are enabled. The gateway will push events to the cloud providers specified below
backends=AWS

[aws]
# AWS section is applicable only when AWS backend is enabled in the [main] section.

# Uncomment to provide aws region. Alternatively, use AWS_REGION env variable
#region=eu-west-1

Developer Guide

• Build the image

  docker build . -t falcon-integration-gateway
  

• Run the application

  docker run -it --rm \
      -e FALCON_CLIENT_ID="$FALCON_CLIENT_ID" \
      -e FALCON_CLIENT_SECRET="$FALCON_CLIENT_SECRET" \
      -e FALCON_CLOUD_REGION="us-1" \
      -v ~/.aws:/fig/.aws \
      falcon-integration-gateway:latest
  

This site is open source. Improve this page.