NG SIEM- AWS CSPM Integration Introduction CSPM discovers and evaluates the services in your cloud environment, like storage, compute, IAM, and more, against hardening guidelines defined by the Center for Internet Security (CIS) to help you identify and remediate configurations risks like: Publicly exposed storage buckets IAM Users without MFA enabled Networking objects that allow ingress to remote server administration ports (22, 3389, etc.) Recommendation Set up cloud account access The CSPM integration requires access to AWS’s built-in  SecurityAudit  IAM policy  in order to discover and evaluate resources in your cloud account. To provide access we need: IAM Role Direct access keys Create IAM User Follow AWS’s  IAM roles for Amazon EC2  documentation to create an IAM role using the IAM console, which automatically generates an instance profile. Create an IAM role: In AWS, go to your IAM dashboard. Click  Roles , then  Create role . On the  Select trusted entity  page, under  Trusted entity type , select  AWS service . Under  Use case , select  EC2 . Click  Next . On the  Add permissions  page, search for and select  SecurityAudit . Click  Next . On the  Name, review, and create  page, name your role, then click  Create role .   Attach your new IAM role to an EC2 instance: In AWS, select an EC2 instance. Select  Actions > Security > Modify IAM role . On the  Modify IAM role  page, search for and select your new IAM role. Click  Update IAM role .   Create Direct access keys Access keys are long-term credentials for an IAM user or AWS account root user. To use access keys as credentials, you must provide the  Access key ID  and the  Secret Access Key . After you provide credentials,  finish manual setup . For more details, refer to  Access Keys and Secret Access Keys . Access key ID : The first part of the access key. Secret Access Key : The second part of the access key. Please provide the following information to  CyTech :   Access Key ID Secret Access Key