
Snyk – Splunk Integration via Cloudwatch Log Group

This post outlines the basic steps for pushing centralized Snyk audit logs and issues into Splunk via a CloudWatch log group that is set as a target. This deployment can be replicated or adapted for other third-party tools by leveraging the "Partner event sources" feature in Amazon EventBridge.

Published Apr 22, 2024
1. Configure EventBridge in the Snyk dashboard.
2. Centralize all event buses.
3. Deploy a CloudFormation template to create an EventBridge rule with the centralized event bus.
Configuring EventBridge in the Snyk dashboard
Navigate to the Snyk integrations page and search for EventBridge, or navigate to the Cloud events section. Click on the EventBridge tile to start creating a new integration.
Snyk integration for Amazon Eventbridge
Snyk integrations
Create new EventBridge integration
- Enter a name for this integration
- Enter the AWS Account ID and AWS Region where you want to receive events.
- Select the Event Type you want to forward with this integration. To send more than one event type to the same account/region, create a separate integration for each event type.
Eventbridge integration
Snyk App Authorization
If this is the first time you have set up an Amazon EventBridge integration for your organization, you will be prompted to complete the Snyk App authorization flow.
After completing the authorization flow you will be redirected to the settings page for the integration.
Configure the integration in Amazon EventBridge
After configuring the EventBridge integration on the Snyk side, you should see a new Partner Event Source in the EventBridge console.
  1. Go to the EventBridge console.
  2. Navigate to the Partner event sources page under the Integration section.
Partner event sources
Snyk-generated event sources will have a naming pattern like this:
**aws.partner/snyk.io/org_<SNYK_ORG_ID>/<EVENT_TYPE>**
- Click on the name of the event source, then click Associate with event bus and follow the prompts to associate the event source with an event bus.
- After the event source is associated with an event bus, Snyk will immediately be able to start sending events, which you can use for any actions supported by EventBridge.
Centralize all event buses.
This will be the event bus where all events from other buses will be sent.
- On each of your source event buses, create a rule that matches the events you want to send to the centralized bus.
The rule’s target should be the ARN of the centralized event bus.
Centralize all event buses
  • Deploy a CloudFormation template to create an EventBridge rule with the centralized event bus.
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Creates eventbridge rules and delivers Snyk events via Amazon EventBridge to CloudWatch Logs from the Centralized Event Bus

Resources:
  # Rule that matches Snyk partner events in this account and forwards them
  Testing:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: <replace with your eventbus name>
      EventPattern:
        source:
          - prefix: "aws.partner/snyk.io"
        account:
          - !Ref AWS::AccountId
      Targets:
        - Arn: <replace with arn of your eventbus>
          Id: <replace with your snyk-centralized-eventbus-id>
          RoleArn: !GetAtt SnykEventBridgeSenderRole.Arn

  # EventBridge IAM Role to send events to an event bus
  SnykEventBridgeSenderRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: SnykEventBridgeSenderRole
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      # Permissions policy: the role needs events:PutEvents on the target bus,
      # otherwise the rule cannot deliver events to it
      Policies:
        - PolicyName: PutEventsToCentralizedBus
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: events:PutEvents
                Resource: <replace with arn of your eventbus>
```
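The template above forwards Snyk events to the centralized bus; the CloudWatch log group target that Splunk reads from could be attached to that bus as sketched below. This is an added example, not the author's template: the parameter names, resource names, log group name and retention value are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not from the original post) that writes Snyk events from the centralized bus to a CloudWatch log group

Parameters:
  CentralBusName:            # assumption: name of your centralized event bus
    Type: String
  LogGroupName:              # assumption: any name under /aws/events/
    Type: String
    Default: /aws/events/snyk-central

Resources:
  SnykLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      LogGroupName: !Ref LogGroupName
      RetentionInDays: 90    # assumption: set to your audit retention requirement

  # A CloudWatch Logs target is authorized by a Logs resource policy,
  # not by a RoleArn on the rule target.
  SnykLogGroupPolicy:
    Type: AWS::Logs::ResourcePolicy
    Properties:
      PolicyName: SnykEventBridgeToLogs
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": ["events.amazonaws.com", "delivery.logs.amazonaws.com"]},
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${LogGroupName}:*"
          }]
        }

  SnykToLogsRule:
    Type: AWS::Events::Rule
    DependsOn:
      - SnykLogGroup
      - SnykLogGroupPolicy
    Properties:
      EventBusName: !Ref CentralBusName
      EventPattern:
        source:
          - prefix: "aws.partner/snyk.io"   # same pattern as the forwarding rule
      Targets:
        - Id: SnykLogGroupTarget
          Arn: !Sub arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:${LogGroupName}
```

The resource policy is scoped to the single log group, so the EventBridge service principal cannot write to other log groups in the account.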
 
