Use the procedures in this section to encrypt your AWS S3 buckets using AWS Key Management Service (AWS KMS).
We recommend that you use AWS KMS to encrypt the S3 buckets you use with Carbon Black Cloud Data Forwarder. With server-side encryption (SSE) using AWS KMS, if the S3 bucket is accidentally opened up to the world, only those with access to the customer managed key (CMK) can decrypt files stored in the AWS KMS encrypted bucket.
KMS and Integrations
When you integrate with an application such as Splunk that pulls data out of the bucket, you must also grant the integration's User or Role sufficient access to both the bucket and the KMS key so that it can retrieve unencrypted data from the bucket.
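
The following added example (not part of the original documentation or of any Carbon Black tooling) checks offline whether an integration's IAM identity policy covers both halves of the (Bucket, KMS key) pair. The bucket ARN, key ARN, sample policy and function names are constructed for illustration, and the example assumes the integration lists and reads objects, so it looks for s3:ListBucket, s3:GetObject and kms:Decrypt.

```python
import fnmatch

# Constructed placeholders: substitute your own bucket and key ARNs.
BUCKET_ARN = "arn:aws:s3:::example-forwarder-bucket"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

# Constructed identity policy for the integration's User or Role.
READER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": BUCKET_ARN},
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": BUCKET_ARN + "/*"},
        {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": KEY_ARN},
    ],
}

def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """True if an Allow statement matches and no Deny statement matches.
    Simplified model: wildcard matching only; Condition, NotAction and
    NotResource are not evaluated."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        hit = (any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
               and any(fnmatch.fnmatchcase(resource, r) for r in resources))
        if hit and stmt["Effect"] == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def missing_read_permissions(policy, bucket_arn, key_arn):
    """Return the (action, resource) pairs a reader of an SSE-KMS bucket lacks."""
    required = [
        ("s3:ListBucket", bucket_arn),
        ("s3:GetObject", bucket_arn + "/sample/object.json"),
        ("kms:Decrypt", key_arn),  # without this, reads of encrypted objects fail
    ]
    return [(a, r) for a, r in required if not allows(policy, a, r)]

if __name__ == "__main__":
    print(missing_read_permissions(READER_POLICY, BUCKET_ARN, KEY_ARN))
```

An empty result means the identity policy covers both the bucket and the key. The KMS key policy must also permit the principal, or delegate access control to IAM, for the kms:Decrypt grant to take effect.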