Connector

This topic describes the purpose of the Illumio CloudSecure Connector feature, and provides a general example of how you would use it. For instructions on how to connect a specific workflow and incident management tool, such as Slack, using the Connector page, see the applicable pop-up help in the user interface.

Apps Use Case and Example

This feature lets you connect workflow and incident management tools, such as messaging applications or others, to CloudSecure. For example, you might want to receive a notification in your messaging application when a policy changes or when a deployment is removed. (For such notifications, a message banner displays the time and frequency of the aggregated alerts that CloudSecure delivers to the application.)

The following steps illustrate how you might set up a connection to such an application.

  1. Browse to the Settings > Connector > Apps tab. From there, the pop-up help gives you instructions.
  2. Depending on your application, you may need to provide the following:
    • Channel Name (CloudSecure does not verify the name, so make sure it is correct.)
    • Webhook URL (This is how CloudSecure knows where to deliver the message.)
  3. The dialog may have fields for other characteristics, depending on the application.
  4. As soon as a channel is configured, any subsequent alerts are also scheduled for your newly added channel.
  5. Alerts are sent to all configured channels. In other words, the same alert message is sent to all of them if all the channels were added before the first alert of the day was triggered.
  6. Edit or delete your created channels if needed. Click the application tile in the Apps tab to see a list of channels.

Workflow and incident management tools vary widely, so see the pop-up help in the user interface that is specific to your tool.

Automation Use Case and Example

This feature lets you automate messaging after you have performed the above steps to connect workflow and incident management tools, such as messaging applications or others, to CloudSecure.

  1. The first step is to browse to the Settings > Connector > Automation tab.
  2. Click Add Rule and enter a rule name in the dialog that appears. In this example, you want to have Slack notify you of system audit events. You might name it 'Successful Policy Update to Slack.'
  3. Select one or more triggers by clicking Add Trigger and then selecting a trigger in the dropdown menu. In this case, you might pick something like 'policy is provisioned.'
  4. Select one or more actions by clicking Add Action and then selecting an action in the dropdown menu. In this example it might be 'send a Slack message.'
  5. Under Slack Channel, select a Slack channel, and under Message, enter a message.
  6. Under Date and Time, select either Send immediately, or Send later and specify a time and frequency.
  7. Click Send Test to verify your system event Slack notification before you click Add Rule in the Add Rule dialog.

S3 Bucket Use Case and Example

This feature lets you connect CloudSecure to your AWS S3 buckets so that you can export CloudSecure traffic flows to your S3 buckets.

Onboarding an S3 Bucket

Use these steps to onboard an S3 bucket:

  1. Log into the Illumio Console and navigate to the Settings > Connector tab.
  2. Click the S3 Bucket tile.
  3. Click Connect S3 Bucket.
  4. In the dialog that appears, choose the radio button for either onboarded or unknown AWS accounts and select entries for the following credentials:
    • Account ID
    • S3 Bucket ARN
    • Region
  5. Click Next.
  6. Select a Service Account.
  7. Select your preferred type of Integration. Illumio recommends creating a CloudFormation stack. Create the appropriate roles in the AWS console, and when you are done, click Next in the CloudSecure dialog.
  8. Click Save. This completes the connection and takes you to a list of added S3 buckets.

You can delete S3 bucket connections by selecting one or more S3 buckets from the list and clicking Remove.

Testing the Onboarded S3 Bucket Connection

Test your connection to ensure that CloudSecure exports traffic to your S3 bucket with the following steps:

  1. Select the S3 bucket in the list and click Test Connection. You will get either a 'Connection Successful' or a 'Connection Failed' message.
  2. If you got a failure message, click Configure to change your selections as needed to successfully connect.
    • Verify that the provided account ID, bucket ARN, and region are correct.
    • Once verified, run the CloudFormation template again to grant CloudSecure access to the bucket.
    • Save the changes and test the connection again. If the CloudFormation template succeeded, the connection should work.
  3. If you got a success message, there is nothing more you need to do for that connection.
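
The troubleshooting step above asks you to verify the account ID, bucket ARN, and region. The following added example (not part of the Illumio documentation or product) checks those three values offline against the standard AWS formats before you re-enter them. The function name and sample values are hypothetical, and a clean result does not prove that the bucket exists or is reachable.

```python
import re

# Standard AWS formats. Offline checks only: they catch paste and typing
# errors, not a missing bucket or a missing permission.
ACCOUNT_ID_RE = re.compile(r"[0-9]{12}")
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+){1,2}-[0-9]{1,2}")
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
IPV4_RE = re.compile(r"[0-9]{1,3}(\.[0-9]{1,3}){3}")
PARTITIONS = {"aws", "aws-cn", "aws-us-gov"}


def check_s3_connector_fields(account_id, bucket_arn, region):
    """Return a list of problems; an empty list means the formats look right."""
    problems = []
    if not ACCOUNT_ID_RE.fullmatch(account_id.strip()):
        problems.append("account ID must be exactly 12 digits")
    if not REGION_RE.fullmatch(region.strip()):
        problems.append("region does not look like an AWS region code")

    parts = bucket_arn.strip().split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "s3":
        problems.append("bucket ARN must have the form arn:<partition>:s3:::<bucket>")
        return problems
    _, partition, _, arn_region, arn_account, resource = parts
    if partition not in PARTITIONS:
        problems.append(f"unknown ARN partition {partition!r}")
    if arn_region or arn_account:
        problems.append("S3 bucket ARNs leave the region and account fields empty")
    if "/" in resource:
        problems.append("ARN names an object or prefix, not the bucket itself")
    elif (not BUCKET_RE.fullmatch(resource) or ".." in resource
          or IPV4_RE.fullmatch(resource)):
        problems.append(f"{resource!r} is not a valid bucket name")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    samples = [
        ("123456789012", "arn:aws:s3:::flow-export-bucket", "us-east-1"),
        ("12345678901", "arn:aws:s3:::flow-export-bucket/flows/", "US-EAST-1"),
    ]
    for sample in samples:
        print(sample, "->", check_s3_connector_fields(*sample) or "OK")
```
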

Exporting Traffic Data to an Onboarded S3 Bucket

Use the following steps to export data to your S3 buckets.

  1. On the Traffic page, filter your traffic as desired and click Export > Export Connector.
  2. In the dialog that appears, choose the following selections:
    • Connector: S3 Bucket
    • S3 Bucket: The S3 bucket of current interest
    • Add Prefix (Optional): A prefix with meaning to you that will assist in sorting your exported collection of data
  3. If you wish, click Test Connection.
  4. When you are satisfied with your selections, click Save.
  5. After saving, view your CloudSecure traffic query export statuses in the Settings > Connector > S3 Bucket tab, under the specified bucket. Traffic data begins to appear in the AWS console S3 bucket on an hourly basis.