AWS Streaming Analyzer

Analyzer Name: AWS Streaming

Purpose

The AWS Streaming analyzer provides focused insights into the streaming services within your AWS environment, specifically targeting Kinesis. It is invaluable for IT Ops and Sec Ops engineers in understanding streaming activity, managing resources, and ensuring compliance with security policies. From a security perspective, this analyzer highlights any potential risks associated with stream access and configuration. Operationally, it aids in monitoring stream utilization and auditing CloudTrail events, ensuring that streaming data workflows are secure and efficient.

List of Sightlines and Widgets

Kinesis

Significance: The Kinesis sightline offers insights into the streams configured in AWS, their activity, and related CloudTrail events. For Sec Ops engineers, it highlights potential security issues, such as unauthorized access or misconfigurations. IT Ops engineers can use it to monitor stream usage and manage operational workflows.

Widgets

• All Streams

• Cloudtrail Events Related to Streams

List of Alerts

• Unauthorized Stream Access: Identifies unauthorized attempts to access Kinesis streams, enabling Sec Ops teams to investigate and mitigate potential breaches.

• Inactive Streams: Detects streams that have been inactive for a defined period, allowing IT Ops to deprecate unused resources and optimize costs.

• CloudTrail Events Anomaly: Flags unusual or unexpected CloudTrail events related to streams, helping Sec Ops identify potential threats or misconfigurations.

• Excessive Stream Creation or Deletion: Alerts on a high number of stream creation or deletion activities within a short period, indicating potential misuse or automation issues.

• Publicly Accessible Streams: Detects streams configured with overly permissive access policies, ensuring compliance with security standards and preventing data exposure.