
Re: Any experience adding AWS Cloudtrail as a data source?

No, that is something different. As I mentioned earlier, what we saw in the logs were messages along the lines of 'the certificate is untrusted'.

What you are getting there is indicating that for some reason your connection is being refused on the Amazon side of things, where in our case it was the McAfee side that was doing the refusing as the cert was untrusted.

anhp

Re: Any experience adding AWS Cloudtrail as a data source?

Hey cowboy71, I'm talking to McAfee support now, and it looks like the connection is indeed being refused by the McAfee side. Did you have your ESM instance located inside your internal network, or on the cloud in Amazon? The support person doesn't seem to know what I'm talking about and keeps sending me articles with instructions on how to activate ESM in AWS. Are you able to give me the ticket # you logged with McAfee so I can show it to him and let him see how to resolve this?

Thanks,

AP

Re: Any experience adding AWS Cloudtrail as a data source?

Our situation was physical appliance inside the network.

I'll see if I can locate a case number for you.

Re: Any experience adding AWS Cloudtrail as a data source?

anhp,

Were you able to solve your connection issue? McAfee tech support is telling me it's related to my on-prem ESM/ELM combo box having to go through a proxy to get to the internet, and that's an issue because they don't support that. Was that your experience? My logs have the following error:

"Use of uninitialized value $try in concatenation (.) or string at /usr/lib/perl5/site_perl/5.16.1/Amazon/SQS/Simple/Base.pm line 136.

ERROR [try ]: On calling SetQueueAttributes: 500 Can't connect to sqs.us-east-1.amazonaws.com:443 (Connection refused) at /usr/local/bin/cloudtrailcoll.pl line 172."
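
An added example, not part of any post in this thread and not McAfee's collector code: a small Python probe, run from a host on the same network path as the ESM, that tells apart the two failures discussed above, a refused TCP connection and a server certificate the local trust store rejects. The function names `classify` and `probe` are hypothetical; the hostname is the one from the error log.

```python
import socket
import ssl


def classify(exc):
    """Map a connection exception to one of the failure modes in the thread."""
    # Order matters: SSLCertVerificationError is a subclass of SSLError,
    # and every class tested here is a subclass of OSError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-untrusted-certificate"  # local trust store rejected the peer
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake-failed"       # TLS failed for another reason
    if isinstance(exc, ConnectionRefusedError):
        return "tcp-refused"                # the "(Connection refused)" case in the log
    if isinstance(exc, socket.gaierror):
        return "dns-failed"                 # name did not resolve on this host
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "tcp-timeout"                # packets dropped, e.g. by an egress filter
    return "other: " + type(exc).__name__


def probe(host, port=443, timeout=5.0, context=None):
    """Attempt a direct (no proxy) TCP connect and verified TLS handshake."""
    context = context or ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # server_hostname enables SNI and hostname verification.
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return "ok: " + str(tls.version())
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Endpoint taken from the error message quoted in the post above.
    print(probe("sqs.us-east-1.amazonaws.com"))
```

A `tcp-refused` or `tcp-timeout` result points at the network path (firewall or mandatory proxy), while `tls-untrusted-certificate` points at the trust store on the connecting host.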

yagoal

Re: Any experience adding AWS Cloudtrail as a data source?

If you are OK with a commercial solution to solve this for you, I would recommend checking out the skyformation.com cloud services connectors middleware.

Their AWS connector is doing just that, pretty straightforward to install, and they have other cloud connectors in case you need them.

So far we have had positive feedback from our customers on the solution and their support group.
