Storing notifications in S3

Store c/side security alerts in AWS S3 buckets for archival, compliance, and integration with SIEM systems.

Use an AWS S3 bucket as a notification destination to archive alerts as JSON or CSV files. This is useful for long-term storage, compliance requirements, and integration with SIEM or log aggregation systems.

Setting up an S3 destination

  1. Open the dashboard and navigate to Team Settings > Notifications
  2. Create a new notification config or edit an existing one
  3. Under Send To, click Add destination and select S3
  4. In the Configuration panel, enter your S3 bucket details:
    • S3 Bucket Name: your AWS S3 bucket name
    • Region: the AWS region where your bucket is located
    • Path (optional): a prefix path within the bucket to organize files
  5. Click Save or Save & Test

S3 bucket policy

You need to grant c/side permission to write to your S3 bucket. Apply the following bucket policy to your S3 bucket settings:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCsideNotificationExport",
      "Effect": "Allow",
      "Action": ["s3:PutObject"],
      "Resource": "arn:aws:s3:::notifications-engine-test/*",
      "Principal": {
        "AWS": ["arn:aws:iam::590183952644:role/prod-cside-notifications-engine-sa-role"]
      }
    }
  ]
}

Important

Update the Resource field in the policy to match your S3 bucket ARN (e.g., arn:aws:s3:::your-bucket-name/*).
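A pre-flight check for the policy above, as an added example that is not c/side's own code: it confirms that the statement for the c/side role allows only s3:PutObject, names no other principal, and that Resource points at your bucket rather than the sample notifications-engine-test. The bucket name acme-cside-alerts and the function names are constructed for illustration.

```python
import json

# Both values are copied from the bucket policy shown on this page.
CSIDE_ROLE = "arn:aws:iam::590183952644:role/prod-cside-notifications-engine-sa-role"
SAMPLE_BUCKET = "notifications-engine-test"

def _as_list(value):
    """IAM accepts a string or a list for Action, Resource and Principal.AWS."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def check_policy(policy_json, bucket):
    """Return findings for Allow statements that reach the c/side role; [] means OK."""
    findings, matched = [], False
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else None
        principals = ["*"] if principal == "*" else _as_list(aws)
        if stmt.get("Effect") != "Allow" or not ({CSIDE_ROLE, "*"} & set(principals)):
            continue  # Deny statements and grants to unrelated principals are out of scope
        matched = matched or CSIDE_ROLE in principals
        sid = stmt.get("Sid", "<no Sid>")
        extra = sorted(set(principals) - {CSIDE_ROLE})
        if extra:
            findings.append(f"{sid}: additional principals allowed: {extra}")
        actions = _as_list(stmt.get("Action"))
        if {a.lower() for a in actions} != {"s3:putobject"}:  # IAM actions ignore case
            findings.append(f"{sid}: expected only s3:PutObject, found {actions}")
        for res in _as_list(stmt.get("Resource")):
            res_bucket = res.split(":::", 1)[-1].split("/", 1)[0]
            if res_bucket == SAMPLE_BUCKET and bucket != SAMPLE_BUCKET:
                findings.append(f"{sid}: Resource still names the sample bucket: {res}")
            elif not res.startswith(f"arn:aws:s3:::{bucket}/"):
                findings.append(f"{sid}: Resource does not target objects in {bucket}: {res}")
    if not matched:
        findings.append("no Allow statement names the c/side role")
    return findings

def sample_policy(bucket, actions=("s3:PutObject",), principals=(CSIDE_ROLE,)):
    """Constructed sample input in the shape of the policy shown on this page."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCsideNotificationExport", "Effect": "Allow",
        "Action": list(actions), "Resource": f"arn:aws:s3:::{bucket}/*",
        "Principal": {"AWS": list(principals)}}]})

if __name__ == "__main__":
    # acme-cside-alerts is a constructed bucket name; the policy is the page's, unedited.
    for finding in check_policy(sample_policy(SAMPLE_BUCKET), "acme-cside-alerts"):
        print(finding)
```

Run it against the policy JSON you are about to apply, before using Save & Test in the dashboard.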

Alert format

Alerts are stored in the following JSON format. CSV files have the same fields in column format.

{
  "type": "HASH",
  "domain": "beverage.ltd",
  "target": "d6647696984a8df4df40ec2d6af8602ce9e6e239707f02851cbedeec601cccf3",
  "action": "alert"
}