From 15cc569b9bf9133bcfc73a0fa02e4daf6f52fff1 Mon Sep 17 00:00:00 2001 From: Ryan Haney Date: Fri, 26 Sep 2025 14:21:00 -0500 Subject: [PATCH 1/2] updating the Fleet configuration fields --- terraform/aws-flow-sensor/README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/terraform/aws-flow-sensor/README.md b/terraform/aws-flow-sensor/README.md index 8853acd..00c32a7 100644 --- a/terraform/aws-flow-sensor/README.md +++ b/terraform/aws-flow-sensor/README.md 
@@ -30,17 +30,18 @@ Flow Logs will only be processed for VPCs with flow log configurations matching ## Configuration Once paired with Fleet, configure the AWS VPC Flow feature (Private Preview) under `Advanced` as follows: -| Configuration | Required | Default | Purpose | Example | -|------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| -| `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On | -| `vpc_flow.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` | -| `vpc_flow.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` | -| `vpc_flow.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` | -| `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` | -| `vpc_flow.monitored_accounts` | NO | `nil` | Filters which account(s) the Flow Sensor will process logs. Attempts to process all accounts found in the bucket if not configured | `111111111111,222222222222` | -| `vpc_flow.monitored_vpcs` | NO | `nil` | Filters which VPC(s) the Flow Sensor will process logs. Attempts to process all VPCs with supported flow configurations found in each account if not configured | `vpc-12345,vpc-54321` | -| `vpc_flow.monitored_regions` | NO | `Default AWS Region List` | Filters which region(s) the Flow Sensor will process logs. Will enumerate VPCs in the `Default AWS Region List` if not configured | `us-east-1,us-east-2` | -| `vpc_flow.cross_account_role_name` | NO | `nil` | Name of the cross account role the Flow Sensor should assume into in each account. Will ignore any account that is not the account the Flow Sensor is deployed in if not configured. 
| `corelight-vpc-flow-cross-account-role` | +| Configuration | Required | Default | Purpose | Example | +|----------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| +| `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On | +| `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` | +| `vpc_flow.log_meta` | NO | false | Adds the s3 object key, total flows, ENI, and AWS account ID to the resulting conn log | `debug` | +| `vpc_flow.aws.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` | +| `vpc_flow.aws.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` | +| `vpc_flow.aws.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` | +| `vpc_flow.aws.monitored_accounts` | NO | `nil` | Filters which account(s) the Flow Sensor will process logs. Attempts to process all accounts found in the bucket if not configured | `111111111111,222222222222` | +| `vpc_flow.aws.monitored_vpcs` | NO | `nil` | Filters which VPC(s) the Flow Sensor will process logs. Attempts to process all VPCs with supported flow configurations found in each account if not configured | `vpc-12345,vpc-54321` | +| `vpc_flow.aws.monitored_regions` | NO | `Default AWS Region List` | Filters which region(s) the Flow Sensor will process logs. Will enumerate VPCs in the `Default AWS Region List` if not configured | `us-east-1,us-east-2` | +| `vpc_flow.aws.cross_account_role_name` | NO | `nil` | Name of the cross account role the Flow Sensor should assume into in each account. Will ignore any account that is not the account the Flow Sensor is deployed in if not configured. | `corelight-vpc-flow-cross-account-role` | ### Default AWS Region List * `us-east-1` 
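Review bot: The new `vpc_flow.log_meta` row carries an Example of `debug`, which is a copy of the `log_level` row above it; for a boolean setting whose Default is `false` the example should be `true`. Also, `false` is the only Default in the table not wrapped in backticks (compare `info` and `nil`), so it renders inconsistently. Separately, this hunk renames every AWS-specific key from `vpc_flow.*` to `vpc_flow.aws.*` (`bucket_name`, `bucket_region`, `start_date`, `monitored_accounts`, `monitored_vpcs`, `monitored_regions`, `cross_account_role_name`) without a note that existing Fleet configurations using the old names must be updated; a one-line migration remark near the table would save operators from silently running with unset required fields such as `vpc_flow.aws.bucket_name` and `vpc_flow.aws.start_date`.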
From bb91cef34550664fa77c45b97631fcd40e1f22e0 Mon Sep 17 00:00:00 2001 From: Ryan Haney Date: Fri, 26 Sep 2025 14:24:43 -0500 Subject: [PATCH 2/2] mistype --- terraform/aws-flow-sensor/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/aws-flow-sensor/README.md b/terraform/aws-flow-sensor/README.md index 00c32a7..c871335 100644 --- a/terraform/aws-flow-sensor/README.md +++ b/terraform/aws-flow-sensor/README.md @@ -34,7 +34,7 @@ Once paired with Fleet, configure the AWS VPC Flow feature (Private Preview) und |----------------------------------------|----------|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------| | `vpc_flow.enable` | YES | N/A | Enables the service | Toggle On | | `vpc_flow.log_level` | NO | `info` | The log level of the service | `debug` | -| `vpc_flow.log_meta` | NO | false | Adds the s3 object key, total flows, ENI, and AWS account ID to the resulting conn log | `debug` | +| `vpc_flow.log_meta` | NO | false | Adds the s3 object key, total flows, ENI, and AWS account ID to the resulting conn log | `true` | | `vpc_flow.aws.bucket_name` | YES | N/A | VPC flow log s3 bucket name | `vpc-flow-logs` | | `vpc_flow.aws.bucket_region` | YES | N/A | VPC flow log bucket region | `us-east-1` | | `vpc_flow.aws.start_date` | YES | N/A | Date to begin processing flows in AWS format (YYYY/MM/DD) | `2025/06/01` |
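Review bot: This corrects the `vpc_flow.log_meta` Example from `debug` to `true`, but the same row still shows its Default as bare `false` while every other Default in the table (`info`, `nil`, `Default AWS Region List`) is in backticks; consider `| NO | `false` |` for consistency. It would also help to state in the Purpose column which conn log fields the S3 object key, total flows, ENI and AWS account ID land in, since that is what an analyst tuning detections on the resulting conn log needs to know before enabling it.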