Solved

Integrate CloudTrail, CloudWatch, and GuardDuty with Google SecOps SIEM - Queries

  • January 19, 2026
  • 1 reply
  • 26 views

JFlorest

Good afternoon, I'm trying to integrate AWS CloudTrail, CloudWatch, and GuardDuty alerts with Google SIEM SecOps. My question is, what are the differences between sending these logs to Amazon S3 or Firehose and then to Google SIEM? Is it possible to send the logs from these cloud resources directly via API without any intermediary? Why? What do you recommend?

1 reply

Eoved
  • Bronze 2
  • Answer
  • January 20, 2026

Hello,

There are differences between these integration methods (from a cost perspective, log latency, and more). You should follow the best practices recommended by the vendor to ensure your integration is up to date and that the logs are properly adjusted to the system (parse and ingest methods).

Please review the following guides:

Collect AWS CloudTrail logs

Collect AWS CloudWatch logs

Collect AWS GuardDuty logs