Architecture

Deploying this ABI package with default parameters builds the following architectures.

AWS CloudTrail integration architecture diagram

As shown in the diagram, this integration sets up the following:

  • In the log archive account:
    • Amazon CloudWatch Events rules to detect new PUTs in the organizational CloudTrail S3 bucket and trigger an AWS Lambda function.
    • The Lambda function forwards the new CloudTrail events to Trend Vision One.

SSM integration architecture diagram

  • In each AWS Organizations account:
    • Four AWS Systems Manager parameters are created in each AWS Region.
    • On a defined cron schedule, the AWS Systems Manager workload security agent association package triggers for ‘*’ instances managed by SSM.
    • The SSM association package deploys the workload security agent for unmanaged instances.
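
The log archive account flow above, sketched as an added example (not code from this package): it picks the new log object out of a PUT event, skips digest files that share the bucket, and unpacks the gzipped CloudTrail records into batches. It assumes the rule delivers a CloudTrail-style PutObject event; the function names, bucket name, keys and records are constructed, and the forwarding call is left out because the page does not describe the Trend Vision One endpoint.

```python
import gzip
import json

def object_from_event(event):
    """Return (bucket, key) for a new CloudTrail log object, else None."""
    detail = event.get("detail") or {}
    if detail.get("eventName") != "PutObject":
        return None
    params = detail.get("requestParameters") or {}
    bucket, key = params.get("bucketName"), params.get("key")
    if not bucket or not key:
        return None
    # Digest files land in the same bucket but carry hashes, not events.
    if "/CloudTrail-Digest/" in key or not key.endswith(".json.gz"):
        return None
    return bucket, key

def records_from_log(blob):
    """Decompress one CloudTrail log object and return its event records."""
    return json.loads(gzip.decompress(blob)).get("Records", [])

def batches(records, size):
    """Split records into lists of at most `size` for forwarding."""
    return [records[i:i + size] for i in range(0, len(records), size)]

# Constructed sample input (assumed event shape, not real account data).
PREFIX = "AWSLogs/o-example/111122223333"
LOG_KEY = PREFIX + "/CloudTrail/us-east-1/2024/01/01/111122223333_CloudTrail_us-east-1_20240101T0000Z_example.json.gz"
DIGEST_KEY = PREFIX + "/CloudTrail-Digest/us-east-1/2024/01/01/111122223333_CloudTrail-Digest_us-east-1_example.json.gz"

def put_event(key):
    """Build a constructed PutObject event for the hypothetical bucket."""
    return {"detail": {"eventName": "PutObject",
                       "requestParameters": {"bucketName": "example-org-trail", "key": key}}}

SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventName": "ConsoleLogin", "awsRegion": "us-east-1"},
    {"eventName": "AssumeRole", "awsRegion": "us-east-1"},
    {"eventName": "PutObject", "awsRegion": "us-east-1"},
]}).encode())

if __name__ == "__main__":
    print(object_from_event(put_event(LOG_KEY)))
    print(object_from_event(put_event(DIGEST_KEY)))
    print([len(b) for b in batches(records_from_log(SAMPLE_LOG), 2)])
```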
