Good afternoon, I'm trying to integrate AWS CloudTrail, CloudWatch, and GuardDuty alerts with Google SIEM Secops. My question is, what are the differences between sending these logs to Amazon S3 or Firehose and then to Google SIEM? Is it possible to send the logs from these cloud resources directly via API without any intermediary? Why? What do you recommend?
Integrate CloudTrail, CloudWatch, and Guardduty with Google secops SIEM - Queries
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.