SIEM integration in the Matters platform enables seamless export of DAM, DDR, and Misconfiguration data to external systems such as Amazon S3. This integration helps in centralized monitoring, analysis, and long-term storage of security events. By configuring SIEM, users can ensure that critical alerts and data are securely transferred and easily accessible for further processing and compliance needs.

Follow the steps below to configure SIEM integration on the Matters dashboard.

Prerequisites

• Access to Matters Dashboard with permissions to configure SIEM.

• Access to AWS account with IAM role and policy management permissions.

• A pre-created S3 bucket with known bucket name and region.

Step:1. Open SIEM Settings in Matters

1. Log in to the Matters Dashboard.

2. Navigate to Project Settings from the bottom-left corner.

3. Click Notifications.

4. Select SIEM.

step:2. Add a New Destination

1. Click on Add Destination.

There are two ways to integrate SIEM into the dashboard: one is by using an existing role, and the other is by creating a new role. Follow the procedure below for the same.

Procedure A: Create a New AWS IAM Role

Step:1. Start Role Creation

1. Enter a Valid Integration Name

2. Select Create New Role.

3. Click Proceed to Connect.

Step:2. Copy Trust Policy

1. Copy the Trust Policy displayed on the Matters dashboard.

Step:3. Create Role in AWS

1. Log in to the AWS Console.

2. Go to IAM > Roles.

3. Click Create Role.

4. Select Custom Trust Policy.

5. Paste the copied trust policy.

6. Click Next.(you can skip the step for adding permissions)

7. Enter the Role Name.

8. Click Create Role.

9. Once the role is created, copy the Role ARN for future use.

Step:4. Provide Role Details in Matters

1. Return to the Matters Dashboard.

2. Click I’ve Created the Role with Trust Policy.

3. Paste the Role ARN.

4. Enter:

• AWS Region

• S3 Bucket Name

• Optional S3 Prefix

5. Click Next.

Step :5 Copy Role Policy

1. Copy the Role Policy shown on the Matters dashboard.

Step:6 . Attach Policy in AWS

1. Go to the AWS Console.

2. Open the created IAM role.

3. Click Add Permissions.

4. Select Create Inline Policy.

5. Go to the JSON tab.

6. Paste the copied policy.

7. Click Next.

8. Enter a Policy Name.

9. Click Create Policy.

Step:7 . Complete Setup

1. Return to the Matters Dashboard.

2. Click on “I’ve attatched the IAM Policy”

• Set preferences as required.

• Click Save.

• On successfull Integration you will see “Successfully Connected to SIEM Destination” message

Procedure B: Use an Existing AWS IAM Role

Step:1 Selecting Existing Role

1. Enter valid Integration Name.

2. Select Existing Role which you want to use from the dropdown.

3. Click Proceed to Connect.

Step:2 Enter Role and S3 Details

1. Verify that the Role ARN is auto-populated.

2. Enter:

   • AWS Region

   • S3 Bucket Name

   • optional S3 prefix

3. Click Next.

Step:2 Copy Role Policy

1. Copy the Role Policy displayed on the Matters dashboard.

Step:3 Attach Policy to Existing Role

1. Log in to the AWS Console.

2. Navigate to IAM > Roles.

3. Search for and open the existing role.

4. Click Add Permissions → Create Inline Policy.

5. Go to the JSON tab.

6. Paste the copied policy.

7. Click Next.

8. Enter a Policy Name.

9. Click Create Policy.

• verify that the permission will be added

Step:4 Finalize Setup

1. Return to the Matters Dashboard.

2. Click I’ve Attached the IAM Policy.

3. Set preferences as required.

4. Click Save.

Push Data to SIEM

1. Push Misconfiguration Data

1. Navigate to Misconfigurations.

2. Open any item.

3. Click Push to SIEM.

4. View the transfer status in Push History.

2. Push Alert Data

1. Go to the Alerts section.

2. Click on Push to SIEM to send alert data.

3. You can verify the transfer details in Push History.

3.Push DAM Data

1. Navigate to the DAM section.

2. Open any item.

3. Click on Push to SIEM to transfer the data.

4. Check the transfer status in Push History.