
Re: Any experience adding AWS Cloudtrail as a data source?

No, that is something different. As I mentioned earlier, what we saw in the logs were messages along the lines of 'the certificate is untrusted'.

What you are getting there is indicating that for some reason your connection is being refused on the Amazon side of things, where in our case it was the McAfee side that was doing the refusing as the cert was untrusted.


Re: Any experience adding AWS Cloudtrail as a data source?

Hey cowboy71, I'm talking to McAfee support now, it looks like the connection is indeed being refused by the McAfee side. Did you have your ESM instance located inside your internal network, or on the cloud in Amazon? The support person doesn't seem like he knows what I'm talking about and keeps sending me articles with instructions on how to activate ESM in AWS. Are you able to give me the ticket # you logged with McAfee so I can show it to him and let him see how to resolve this?

Thanks,

AP


Re: Any experience adding AWS Cloudtrail as a data source?

Our situation was physical appliance inside the network.

I'll see if I can locate a case number for you.


Re: Any experience adding AWS Cloudtrail as a data source?

anhp,

Were you able to solve your connection issue? McAfee tech support is telling me it's related to my on-prem ESM/ELM combo box having to go through a proxy to get to the internet; that's the issue because they don't support that. Was that your experience? My logs have the following error:

"Use of uninitialized value $try in concatenation (.) or string at /usr/lib/perl5/site_perl/5.16.1/Amazon/SQS/Simple/Base.pm line 136.

ERROR [try ]: On calling SetQueueAttributes: 500 Can't connect to sqs.us-east-1.amazonaws.com:443 (Connection refused) at /usr/local/bin/cloudtrailcoll.pl line 172."
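
The two failures discussed in this thread, a refused TCP connection and an untrusted certificate, happen at different stages of the connection, and a small probe run from the collector host can report which stage fails. This is an added example, not part of any post and not McAfee's collector code; the function name `probe_tls_endpoint` and its stage labels are made up for illustration, and it connects directly with no proxy.

```python
import socket
import ssl


def probe_tls_endpoint(host, port=443, timeout=5.0, cafile=None):
    """Connect to host:port and report the first stage that fails.

    Returns (stage, detail). Stage labels (illustrative names):
      dns           name did not resolve
      tcp_refused   TCP connect was actively refused (firewall, proxy-only egress)
      tcp_timeout   TCP connect got no answer (silently dropped traffic)
      tcp_error     any other socket-level failure
      tls_untrusted TCP worked, but the certificate chain failed verification
      tls_error     TCP worked, but the TLS handshake failed for another reason
      ok            TCP and TLS both succeeded
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    except ConnectionRefusedError as exc:
        return ("tcp_refused", str(exc))
    except (socket.timeout, TimeoutError) as exc:
        return ("tcp_timeout", str(exc))
    except OSError as exc:
        return ("tcp_error", str(exc))

    # Verify against the system trust store, or against cafile if given
    # (for example an exported copy of the CA bundle the appliance uses).
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        return ("tls_untrusted", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        return ("tls_error", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # Endpoint taken from the error message quoted in the post above.
    stage, detail = probe_tls_endpoint("sqs.us-east-1.amazonaws.com", 443)
    print(stage, detail)
```

A `tcp_refused` or `tcp_timeout` result points at the network path (firewall or proxy-only egress) rather than at certificates; `tls_untrusted` points at the trust store on the connecting host.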


Re: Any experience adding AWS Cloudtrail as a data source?

If you are OK with a commercial solution to solve this for you, I would recommend checking out the skyformation.com cloud services connectors middleware.

Their AWS connector is doing just that, pretty straightforward to install, and they have other cloud connectors in case you need them.

We have so far positive feedback from our customers on the solution and their support group.
