File integrity monitoring with AWS Systems Manager and Amazon Security Lake
Security Blog
This article presents a serverless file integrity monitoring solution using AWS Systems Manager, Amazon S3, Lambda, Security Hub, and Security Lake to detect unauthorized file changes on EC2 instances.
- Systems Manager Inventory collects file metadata from EC2 instances and syncs it to a versioned S3 bucket
- Lambda function compares inventory versions to detect created, modified, or deleted files
- Security findings are generated in ASFF (AWS Security Finding Format) and sent to Security Hub for centralized alerting
- Amazon Security Lake normalizes findings in OCSF format for standardized analysis
- Amazon Athena enables SQL queries on Security Lake data; QuickSight provides visual dashboards
- Solution supports custom file path patterns and severity levels via environment variables
- S3 Event Notifications trigger Lambda on new inventory objects for real-time detection
- Scalable alternative to AWS Config with enhanced flexibility and custom detection logic
This solution provides a flexible, serverless approach to file integrity monitoring with centralized security findings and advanced analytics capabilities across AWS accounts and regions.
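The core of the pipeline described above is the Lambda comparison step: two versions of the inventory object are diffed for watched paths, and each change becomes an ASFF finding. The following is an added illustration, not the article's own code; the environment variable names, the inventory record fields (InstalledDir, Name, Size, ModificationTime) and the sample data are assumptions, and fetching the two S3 object versions is left out.

```python
import os
import re
from datetime import datetime, timezone
# Watched path regexes and severity come from env vars (names assumed, not the article's).
WATCH_PATTERNS = [p for p in os.environ.get("FIM_PATH_PATTERNS", r"^/etc/").split(",") if p]
SEVERITY = os.environ.get("FIM_SEVERITY", "HIGH")
def _index(records):
    """Map full path -> (size, mtime) for inventory records under a watched pattern."""
    index = {}
    for rec in records:
        path = rec["InstalledDir"].rstrip("/") + "/" + rec["Name"]
        if any(re.search(pat, path) for pat in WATCH_PATTERNS):
            index[path] = (rec["Size"], rec["ModificationTime"])
    return index
def diff_inventory(previous, current):
    """Compare two S3 versions of the inventory; return created/modified/deleted paths."""
    old, new = _index(previous), _index(current)
    return {
        "created": sorted(new.keys() - old.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "deleted": sorted(old.keys() - new.keys()),
    }
def build_findings(changes, account_id, region, instance_id, now=None):
    """One ASFF finding per changed file, shaped for Security Hub BatchImportFindings."""
    now = now or datetime.now(timezone.utc).isoformat()
    product_arn = f"arn:aws:securityhub:{region}:{account_id}:product/{account_id}/default"
    resource = {"Type": "AwsEc2Instance", "Id": f"arn:aws:ec2:{region}:{account_id}:instance/{instance_id}"}
    findings = []
    for change, paths in changes.items():
        for path in paths:
            findings.append({
                "SchemaVersion": "2018-10-08",
                "Id": f"{instance_id}/{change}/{path}",  # stable Id: a repeat updates, not duplicates
                "ProductArn": product_arn, "GeneratorId": "fim-inventory-diff",
                "AwsAccountId": account_id, "Types": ["Unusual Behaviors"],
                "CreatedAt": now, "UpdatedAt": now, "Severity": {"Label": SEVERITY},
                "Title": f"File {change}: {path}",
                "Description": f"{path} was {change} on {instance_id} between inventory versions",
                "Resources": [resource],
            })
    return findings
# Constructed sample: two inventory versions for one instance (not real data).
T0, T1 = "2024-01-01T00:00:00Z", "2024-02-01T00:00:00Z"
PREVIOUS = [{"InstalledDir": "/etc", "Name": "passwd", "Size": 1200, "ModificationTime": T0},
            {"InstalledDir": "/etc", "Name": "hosts", "Size": 180, "ModificationTime": T0},
            {"InstalledDir": "/tmp", "Name": "scratch", "Size": 5, "ModificationTime": T0}]
CURRENT = [{"InstalledDir": "/etc", "Name": "passwd", "Size": 1250, "ModificationTime": T1},
           {"InstalledDir": "/etc", "Name": "ssh/sshd_config", "Size": 3200, "ModificationTime": T1},
           {"InstalledDir": "/tmp", "Name": "scratch", "Size": 99, "ModificationTime": T1}]
```

The /tmp change is filtered out by the default pattern, so only the /etc changes produce findings; `diff_inventory(PREVIOUS, CURRENT)` yields one created, one modified and one deleted path.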