Installing dependencies
Note
The integration with AWS S3 can be done at the Wazuh manager (which also behaves as an agent) or directly at a Wazuh agent. This choice merely depends on how you decide to access your AWS infrastructure in your environment.
The Python Boto3 module is required on the system that runs the Wazuh module to pull AWS events.
Pip
The required modules can be installed with Pip, the Python package manager. Most UNIX distributions have this tool available in their software repositories, but it can also be installed from sources:
For CentOS/RHEL/Fedora systems:
# yum install python-pip
For Debian/Ubuntu systems:
# apt-get update && apt-get install python-pip
From sources:
# curl -O https://bootstrap.pypa.io/get-pip.py
# python get-pip.py
Boto3
Boto3 is the official package supported by Amazon to manage AWS resources. It will be used to download the log messages from the S3 Bucket. To install this package, execute the following command:
# pip install boto3