Sumo Logic AWS CloudTrail Application

Post on 15-Jan-2015

624 views 4 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

The Sumo Logic Application for CloudTrail provides proactive analytics and visualization on top of the CloudTrail log data to provide actionable security and operations forensics.

Transcript of Sumo Logic AWS CloudTrail Application

Sumo’s CloudTrail Integration - Overview

Ariel Smoliar

Agenda

What is CloudTrail

CloudTrail Integration

CloudTrail Use Cases

Additional Resources

What is CloudTrail?

You are making API calls…

On a growing set of services around the world..

CloudTrial is continuously recording API calls…

And delivering log files to you

Nice right? Let’s have some more details…

What is CloudTrail?

CloudTrail records API calls in your account and delivers a log file to your S3 bucket

Typically, delivers an event within 15 minutes of the API call

Log files are delivered ~5min

AWS Services Supported by CloudTrail

Recording API Calls - Variety of Use Cases

Information in a recorded API call

Who made the API call?

When was the API call made?

What was the API call?

What were the resources that were acted up on in the API call?

Where was the API call made from?

What is NOT recorded?

State transitions of AWS resources. Example: An EC2 instance transitioning from

pending to a running state

Allowed or denied traffic information for VPC security groups and ACL’s

Successful and failed AWS Management Console sign-in events

CloudTrail Integration

CloudTrail Integration

CloudTrail Logs

AWS Console

AWS Console - S3 Bucket

User Monitoring

Geo Location of All Users

Main users in the AWS account

Admin users activities over time

Recent Activity by Administrative Users

Launched and terminated instances by user

Operations

Requested AWS services over time

API calls by AWS region

Elastic IP address operations

Created and deleted resources over time

Network and Security

Authorization failures over time

Created and Deleted Network Security Events

Network and Security Events Over Time

Recent Security Group and Network ACL Changes

Network ACL with All Allowed Ingress/Egress

CloudTrail Use Cases

User Monitoring Dashboard

Network and Security Dashboard

Operations Dashboard

Multiple Environments

Admin Users

CloudTrail documentation

Sumo’s CloudTrail Documentation

https://support.sumologic.com/entries/30216746-Sumo-Logic-for-Amazon-CloudTrail-App

Additional Resources

CloudTrail blog

Applications webpage

CloudTrail press release

http://www.sumologic.com/blog/company/sumo-logic-application-for-aws-cloudtrail
http://www.sumologic.com/applications/aws-cloudtrail/
http://www.sumologic.com/follow-us/press/2013-11-13-sumo-logic-announces-integration-with-aws-cloudtrail.html

Top related

8KMiles aids a leading Internet FM ... - Amazon Web Services8kmprod.s3.amazonaws.com/wp-content/uploads/2016/... · AWS CloudTrail and AWS Config set up with Python AWS Lambda for
 Documents
Security at Scale: Logging in AWS Web Services – Security at Scale: Logging in AWS October 2015 Page 1 of 16 Security at Scale: Logging in AWS How AWS CloudTrail can help you achieve
 Documents
Use Sumo Logic to View your AWS Metrics and Logs
 Software
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Invent 2013
 Technology
Deep Dive: Infrastructure as Code - AWS - Amazon S3and...Deep Dive: Infrastructure as Code Steven Bryen – Solutions Architect, AWS Raj Wilkhu ... AWS CloudTrail ! AWS CloudWatch
 Documents
Getting Started with AWS - Sysfore · AWS CloudTrail, AWS CodeDeploy, Amazon Cognito, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, ... Getting Started with AWS Amazon Web Services
 Documents
(SEC403) Diving into AWS CloudTrail Events w/ Apache Spark on EMR
 Technology
CloudSec Fundamentals: Getting shit done · 2020. 11. 19. · Low hanging fruit examples (AWS) AWS GuardDuty - Generates alerts based on Flow Logs + DNS queries + AWS Cloudtrail logs
 Documents
Aws cloudtrail Ug
 Documents
Code Signing for AWS IoT - Developer Guide · 2020-04-06 · Code Signing for AWS IoT Developer Guide Supported Regions CloudTrail You can use AWS CloudTrail to record API calls that
 Documents
AWS Webcast - Sumo Logic
 Technology
(SEC318) AWS CloudTrail Deep Dive
 Technology
Amazon AI Services - Amazon Web Servicesaws-de-media.s3-eu-west-1.amazonaws.com/images... · Amazon AI Services. ... Cognito CloudTrail CloudWatch AWS Services Action AWS Lambda ...
 Documents
AWS Config - Developer Guide Config Developer Guide Deleting a Service-Linked Role for AWS Config 157 Logging AWS Config API Calls with AWS CloudTrail 158 AWS Config Information
 Documents
How banks are using Cloud to improve security AWS Christophe... · AWS Config. AWS CloudTrail. Amazon CloudWatch. VPC Flow Logs. AWS Systems Manager. AWS Shield. AWS WAF – Web application
 Documents
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June 2017 AWS Online Tech Talks
 Technology
AWS CloudTrail - Guia do usuário...AWS CloudTrail Guia do usuário Como CloudTrail funciona Se for adicionada alguma região depois que você criar uma trilha que se aplica a todas
 Documents
Mitigate Risks Using Cloud-Native Infrastructure Security · AWS Cloud us-east-1a Availability Zone Services VPC 10.1.0.0/16 Proof of Concept VPC 10.250.0.0/16 AWS CloudTrail AWS
 Documents
Introduction to Auditing the Use of AWS Web Services – Introduction to Auditing the Use of AWS October 2015 Page 2 of 28 ... Verifiable- Using AWS CloudTrail, Amazon CloudWatch,
 Documents
Consuming The DataLake€¦ · AWS KMS AWS CloudTrail Manage & Secure AWS IAM Amazon CloudWatch AWS Snowball AWS Storage Gateway Amazon Kinesis Data Firehose AWS Direct Connect AWS
 Documents

Copyright © 2022 FDOCUMENTS