The Cyber Security Library

Configuring EventBridge and Event Patterns


Last updated 1 year ago

EventBridge Management Console

The EventBridge Management Console can be used to view and manage EventBridge buses, rules, global endpoints, and more.

Each region has a default bus to which AWS services send events. You can also create custom buses to receive events from buses in other accounts and regions, or from an external source, such as AWS Partners like Zendesk or Shopify.

You can view and create buses from the Buses section of the console. From the Actions dropdown, you can send test events to a bus, configure archives (caching of events published to a bus for a defined retention period), and initiate schema discovery, which captures the schemas of different events that are streamed through your bus.

This event shows a console user attempting to delete a key pair in EC2. EventBridge can capture events from user API calls (captured via CloudTrail), service notifications (e.g., a state-change notification for EC2 instances), external AWS Partners like Zendesk or Shopify, and events forwarded from buses in other regions and accounts.

This enables event-driven automation and allows you to easily monitor changes in your account and stream events from third-party sources. It's worth noting that AWS services only send events to the default bus.

EventBridge rules

The Rules section of the EventBridge management console can be used to view, create, and manage event rules. You must select which bus's rules you wish to view or configure. From here, you can create, edit, disable and delete rules. Disabling a rule simply stops the bus from comparing events against it and sending matches to the rule’s target. You can re-enable any disabled rules, whereas deleting a rule is irreversible.

Rules can be either triggered by events (when an event matches a pre-defined pattern), or on a schedule. Clicking on a rule’s name from here shows you more details about the rule and provides the options to edit the schedule or event pattern, view and configure targets, and disable or delete the rule.

Event patterns

For rules triggered by events, you must build an event pattern. You do this as part of creating the rule itself. First, you need to choose the source. This will usually be an AWS event source.

Following this, you have to define the pattern to match events:

  1. Pick your source – in this series, this will usually be AWS events or EventBridge partner events.

  2. You can then define your event pattern. Fortunately, an event pattern builder is included, where you can choose the event source, the service (if applicable), and the event type. You can even choose to only capture events with a certain name, using the Specific options field!
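As an added example (not part of the original page), the following shows the kind of event pattern the builder produces for the EC2 key pair deletion mentioned earlier, with a small local matcher to check it against sample events before attaching a target. The `matches` helper is a hypothetical approximation of EventBridge matching that covers only exact values and `prefix`; the account ID, user ARN, key name and instance ID are constructed placeholders.

```python
import json

# Event pattern: EC2 API calls recorded by CloudTrail where a key pair is deleted.
PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["ec2.amazonaws.com"], "eventName": ["DeleteKeyPair"]},
}

# Constructed sample events (all identifiers are placeholders).
DELETE_KEY_PAIR = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "DeleteKeyPair",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/example-user"},
        "requestParameters": {"keyName": "example-key"},
    },
}
STATE_CHANGE = {
    "detail-type": "EC2 Instance State-change Notification",
    "source": "aws.ec2",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "stopped"},
}

def _leaf_ok(allowed, value):
    """One allowed entry: a literal, or {"prefix": "..."} for string prefixes."""
    if isinstance(allowed, dict) and "prefix" in allowed:
        return isinstance(value, str) and value.startswith(allowed["prefix"])
    return allowed == value

def matches(pattern, event):
    """Local approximation: every pattern key must be present and satisfied."""
    for key, rule in pattern.items():
        if not isinstance(event, dict) or key not in event:
            return False
        value = event[key]
        if isinstance(rule, dict):          # nested object: recurse into it
            if not matches(rule, value):
                return False
            continue
        candidates = value if isinstance(value, list) else [value]
        if not any(_leaf_ok(a, c) for a in rule for c in candidates):
            return False
    return True

def pattern_json():
    """The pattern serialized as the JSON a rule takes as its event pattern."""
    return json.dumps(PATTERN, indent=2)
```

Fields the pattern does not mention, such as `userIdentity`, are ignored during matching, so the rule fires regardless of which principal made the call.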

Schedules

An alternative to triggering rules based on events is to run rules on a schedule. Instead of building an event pattern, you define either the times and dates at which the rule should trigger, using cron expressions (e.g., every Friday at 7 pm), or the rate at which it should trigger (e.g., every 3 hours). You can do this via the EventBridge Scheduler, which can be found under the Scheduler → Schedules section of the EventBridge console.

Amazon EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one centrally managed service. It supports templated and universal targets that can invoke any AWS service and allows flexible time windows and retries for reliable event delivery. To create a schedule, click create a schedule. You will be presented with a series of forms to specify your schedule pattern (a one-time run or a recurring task), target API, retry policies, encryption, and execution permissions.

Events are JSON objects detailing a change in your operational environment. An example event may look like this, condensed here for readability: