SIEM Integration and Usage guide

Last updated: April 20, 2026

SIEM integration in the Matters platform enables seamless export of DAM, DDR, and Misconfiguration data to external systems such as Amazon S3. This integration helps in centralized monitoring, analysis, and long-term storage of security events. By configuring SIEM, users can ensure that critical alerts and data are securely transferred and easily accessible for further processing and compliance needs.

Follow the steps below to configure SIEM integration on the Matters dashboard.

Prerequisites

  • Access to Matters Dashboard with permissions to configure SIEM.

  • Access to AWS account with IAM role and policy management permissions.

  • A pre-created S3 bucket with known bucket name and region.

Step:1. Open SIEM Settings in Matters

  1. Log in to the Matters Dashboard.

  2. Navigate to Project Settings from the bottom-left corner.

  3. Click Notifications.

  4. Select SIEM.

image.png

step:2. Add a New Destination

  1. Click on Add Destination.

image.png

There are two ways to integrate SIEM into the dashboard: one is by using an existing role, and the other is by creating a new role. Follow the procedure below for the same.

Procedure A: Create a New AWS IAM Role

Step:1. Start Role Creation

  1. Enter a Valid Integration Name

  2. Select Create New Role.

  3. Click Proceed to Connect.

image.png

Step:2. Copy Trust Policy

  1. Copy the Trust Policy displayed on the Matters dashboard.

image.png

Step:3. Create Role in AWS

  1. Log in to the AWS Console.

  2. Go to IAM > Roles.

  3. Click Create Role.

image.png
  1. Select Custom Trust Policy.

  2. Paste the copied trust policy.

  3. Click Next.(you can skip the step for adding permissions)

image.png
  1. Enter the Role Name.

  2. Click Create Role.

  3. Once the role is created, copy the Role ARN for future use.

image.png

Step:4. Provide Role Details in Matters

  1. Return to the Matters Dashboard.

  2. Click I’ve Created the Role with Trust Policy.

image.png

  1. Paste the Role ARN.

  2. Enter:

  • AWS Region

  • S3 Bucket Name

  • Optional S3 Prefix

  1. Click Next.

image.png

Step :5 Copy Role Policy

  1. Copy the Role Policy shown on the Matters dashboard.

image.png

Step:6 . Attach Policy in AWS

  1. Go to the AWS Console.

  2. Open the created IAM role.

  3. Click Add Permissions.

  4. Select Create Inline Policy.

  5. Go to the JSON tab.

  6. Paste the copied policy.

  7. Click Next.

image.png
  1. Enter a Policy Name.

  2. Click Create Policy.

image.png

Step:7 . Complete Setup

  1. Return to the Matters Dashboard.

  2. Click on “I’ve attatched the IAM Policy

image.png

  • Set preferences as required.

  • Click Save.

image.png
  • On successfull Integration you will see “Successfully Connected to SIEM Destination” message

image.png

Procedure B: Use an Existing AWS IAM Role

Step:1 Selecting Existing Role

  1. Enter valid Integration Name.

  2. Select Existing Role which you want to use from the dropdown.

  3. Click Proceed to Connect.

image.png

Step:2 Enter Role and S3 Details

  1. Verify that the Role ARN is auto-populated.

  2. Enter:

    • AWS Region

    • S3 Bucket Name

    • optional S3 prefix

  3. Click Next.

image.png

Step:2 Copy Role Policy

  1. Copy the Role Policy displayed on the Matters dashboard.

image.png

Step:3 Attach Policy to Existing Role

  1. Log in to the AWS Console.

  2. Navigate to IAM > Roles.

  3. Search for and open the existing role.

  4. Click Add PermissionsCreate Inline Policy.

image.png
  1. Go to the JSON tab.

  2. Paste the copied policy.

  3. Click Next.

  4. Enter a Policy Name.

  5. Click Create Policy.

image.png

  • verify that the permission will be added

image.png

Step:4 Finalize Setup

  1. Return to the Matters Dashboard.

  2. Click I’ve Attached the IAM Policy.

image.png
  1. Set preferences as required.

  2. Click Save.

image.png

Push Data to SIEM

1. Push Misconfiguration Data

  1. Navigate to Misconfigurations.

  2. Open any item.

  3. Click Push to SIEM.

image.png

  1. View the transfer status in Push History.

image.png

2. Push Alert Data

  1. Go to the Alerts section.

  2. Click on Push to SIEM to send alert data.

image.png

  1. You can verify the transfer details in Push History.

image.png

3.Push DAM Data

  1. Navigate to the DAM section.

  2. Open any item.

  3. Click on Push to SIEM to transfer the data.

image.png

  1. Check the transfer status in Push History.

image.png