r7insight_lambdaCW

Obtain log token(s)

Create a new Lambda function
On the "Select Blueprint" screen, press "Skip"
Configure function:
- Give your function a name
- Set runtime to Python 2.7
Upload function code:
- Create a .ZIP file, containing r7insight_lambdaCW.py and the folder certifi
  - Make sure the files and certifi folder are in the root of the ZIP archive
- Choose "Upload a .ZIP file" in "Code entry type" dropdown and upload the archive created in previous step
Lambda function handler and role
- Change the "Handler" value to r7insight_lambdaCW.lambda_handler
- Create a new basic execution role (your IAM user must have sufficient permissions to create & assign new roles)
Set Environment Variables:
- Token value should match UUID provided by Rapid 7 UI or API
- Region should be that of your Rapid 7 account
Key Value

region eu / us

token token uuid
Allocate resources:
- Set memory to 128 MB (adjust to your needs)
- Set timeout to ~2 minutes (adjust to your needs)
Enable function:
- Click "Create function"

Key	Value
region	eu / us
token	token uuid

Create a new stream:
- Select CloudWatch log group
- Navigate to "Actions / Stream to AWS Lambda"
Choose destination Lambda function:
- Select the AWS Lambda function deployed earlier from drop down menu
- Click "Next" at the bottom of the page
Configure log format:
- Choose the correct log format from drop down menu
- Specify subscription filter pattern
  - Please see AWS Documentation for more details
  - If this is blank / incorrect, only raw data will be forwarded to Rapid 7
  - Amazon provide preconfigured filter patterns for some log types
- Click "Next" at the bottom of the page
Review and start log stream
- Review your configuration and click "Start Streaming" at the bottom of the page
Watch your logs come in:
- Navigate to your Rapid 7 account and watch your CloudWatch logs appear