Is there any documentation or information available on ingesting AWS CloudWatch logs into SecOps? We have documentation available for CloudTrail, but were unable to find any for CloudWatch. Appreciate any advice.
Ingesting AWS CloudWatch logs into SecOps SIEM
+1
+6I have seen customers sending logs using AWS bucket or using HTTPS Push feed.
+1I have seen customers sending logs using AWS bucket or using HTTPS Push feed.
Is there any supporting documentation for the S3 method?
+7- Bronze 1
We don't have cloudwatch yet, but we successfully tested SecurityHub via Amazon Data Firehose and you can read our docs here. I believe you can use a similar method, just send CloudWatch to Firehose via CloudWatch subscription filters
That would be an alternative method to S3. Of course you can use the S3 Export as well, I think this works.
Hope this helps!
+1We don't have cloudwatch yet, but we successfully tested SecurityHub via Amazon Data Firehose and you can read our docs here. I believe you can use a similar method, just send CloudWatch to Firehose via CloudWatch subscription filters
That would be an alternative method to S3. Of course you can use the S3 Export as well, I think this works.
Hope this helps!
Thank you, let me take a look at the S3 method and get back.
+16We don't have cloudwatch yet, but we successfully tested SecurityHub via Amazon Data Firehose and you can read our docs here. I believe you can use a similar method, just send CloudWatch to Firehose via CloudWatch subscription filters
That would be an alternative method to S3. Of course you can use the S3 Export as well, I think this works.
Hope this helps!
I love that I just searched for some AWS info and found a guide that our partner put together in meticulous detail. Thank you providing this type of collateral to the larger community and please continue to so on any of these "one-off" modules.
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.