What is a one sentence summary of your feature request?
Enable direct log exporting from Netwrix Endpoint Protector (Cloud-Hosted) to Amazon S3 buckets to support cloud-native SIEM ingestion and eliminate the dependency on VPC-to-VPC connectivity.
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
Today, Netwrix Endpoint Protector (hosted by Netwrix) supports log forwarding to a customer environment via VPC-to-VPC connectivity. This works well for traditional AWS architectures, but does not accommodate customers who follow a cloud-native, serverless, or decoupled design, where Amazon S3 serves as the central landing zone for log ingestion into SIEM, analytics pipelines, or long-term storage.
The customer does not want to maintain VPC peering, routing configuration, or firewall rules — especially in multi-account or segregated environments. Instead, they require a simple, scalable, secure, and AWS-native method to receive logs directly into their S3 bucket, which integrates seamlessly with their SIEM pipelines (Athena, Lambda, OpenSearch, Splunk Forwarders, QRadar, etc.).
Why is this idea the best and future-proof solution?
Aligned with modern cloud architecture
Most AWS customers are shifting toward S3-centric log pipelines because S3 is durable, inexpensive, SIEM-agnostic, and integrates with every analytics service on AWS. Supporting S3 export makes Endpoint Protector compatible with this trend.
Removes dependency on network connectivity
No VPC peering, no routing tables, no firewall rules, no NAT gateways — drastically reducing operational overhead and simplifying cross-account/multi-VPC integration.
Better scalability and reliability
S3 acts as a buffer for SIEM ingestion, reducing bottlenecks and avoiding issues where SIEM endpoints are unreachable.
Security and compliance alignment
S3-based ingestion supports:
Server-side encryption (SSE-S3, SSE-KMS)
Object-level access policies
Audit tracking of every object action
This aligns strongly with compliance frameworks like HIPAA, GLBA, SOX, and GDPR.
Future-proofing the Netwrix ecosystem
Adding S3 support positions Endpoint Protector as a cloud-native product, enabling:
S3 → Lambda (real-time alert pipelines)
S3 → OpenSearch indexing
S3 → Athena query capabilities
S3 → Snowflake/Databricks ingestion
This unlocks modern SIEM + analytics possibilities without rebuilding infrastructure.
How do you currently solve the challenges you have by not having this feature?
Currently, the only supported method is VPC-to-VPC connectivity between Netwrix’s hosted Endpoint Protector environment and the customer’s AWS environment.
However:
The customer refuses to use VPC peering due to security segmentation, complexity, and governance restrictions.
Without S3 export support, logs cannot be transferred into their SIEM, meaning:
No centralized visibility
No incident response correlation
No activity monitoring from Endpoint Protector
Compliance reporting gaps
The challenge is not solved with the available methods — the customer remains unable to collect logs for their security stack.
There is currently no alternative for them within the product that achieves their required architecture.