Upload File

sumo logic aws cloudtrail application

21
Sumo’s CloudTrail Integration - Overview Ariel Smoliar

Upload: ariel-smoliar

Post on 15-Jan-2015

626 views

Category:

Technology


4 download

Report

Tags:

DESCRIPTION

The Sumo Logic Application for CloudTrail provides proactive analytics and visualization on top of the CloudTrail log data to provide actionable security and operations forensics.

TRANSCRIPT

Page 1: Sumo Logic AWS CloudTrail Application

Sumo’s CloudTrail Integration - Overview

Ariel Smoliar

Page 2: Sumo Logic AWS CloudTrail Application

Agenda

What is CloudTrail

CloudTrail Integration

CloudTrail Use Cases

Additional Resources

Page 3: Sumo Logic AWS CloudTrail Application

What is CloudTrail?

You are making API calls…

On a growing set of services around the world..

CloudTrial is continuously recording API calls…

And delivering log files to you

Nice right? Let’s have some more details…

Page 4: Sumo Logic AWS CloudTrail Application

What is CloudTrail?

CloudTrail records API calls in your account and delivers a log file to your S3 bucket

Typically, delivers an event within 15 minutes of the API call

Log files are delivered ~5min

Page 5: Sumo Logic AWS CloudTrail Application

AWS Services Supported by CloudTrail

Page 6: Sumo Logic AWS CloudTrail Application

Recording API Calls - Variety of Use Cases

Page 7: Sumo Logic AWS CloudTrail Application

Information in a recorded API call

Who made the API call?

When was the API call made?

What was the API call?

What were the resources that were acted up on in the API call?

Where was the API call made from?

Page 8: Sumo Logic AWS CloudTrail Application

What is NOT recorded?

State transitions of AWS resources. Example: An EC2 instance transitioning from

pending to a running state

Allowed or denied traffic information for VPC security groups and ACL’s

Successful and failed AWS Management Console sign-in events

Page 9: Sumo Logic AWS CloudTrail Application

CloudTrail Integration

Page 10: Sumo Logic AWS CloudTrail Application

CloudTrail Integration

Page 11: Sumo Logic AWS CloudTrail Application

CloudTrail Logs

Page 12: Sumo Logic AWS CloudTrail Application

AWS Console

Page 13: Sumo Logic AWS CloudTrail Application

AWS Console - S3 Bucket

Page 14: Sumo Logic AWS CloudTrail Application

User Monitoring

Geo Location of All Users

Main users in the AWS account

Admin users activities over time

Recent Activity by Administrative Users

Launched and terminated instances by user

Operations

Requested AWS services over time

API calls by AWS region

Elastic IP address operations

Created and deleted resources over time

Network and Security

Authorization failures over time

Created and Deleted Network Security Events

Network and Security Events Over Time

Recent Security Group and Network ACL Changes

Network ACL with All Allowed Ingress/Egress

CloudTrail Use Cases

Page 15: Sumo Logic AWS CloudTrail Application

User Monitoring Dashboard

Page 16: Sumo Logic AWS CloudTrail Application

Network and Security Dashboard

Page 17: Sumo Logic AWS CloudTrail Application

Operations Dashboard

Page 18: Sumo Logic AWS CloudTrail Application

Multiple Environments

Page 19: Sumo Logic AWS CloudTrail Application

Admin Users

Page 20: Sumo Logic AWS CloudTrail Application

CloudTrail documentation

Sumo’s CloudTrail Documentation

https://support.sumologic.com/entries/30216746-Sumo-Logic-for-Amazon-CloudTrail-App
Page 21: Sumo Logic AWS CloudTrail Application

Additional Resources

CloudTrail blog

Applications webpage

CloudTrail press release

http://www.sumologic.com/blog/company/sumo-logic-application-for-aws-cloudtrail
http://www.sumologic.com/applications/aws-cloudtrail/
http://www.sumologic.com/follow-us/press/2013-11-13-sumo-logic-announces-integration-with-aws-cloudtrail.html

Windows on AWS - london-summit-slides …london-summit-slides-2017.s3.amazonaws.com/How AWS can help yo… · AWS IAM Amazon S3 AWS CloudTrail AWS Config Logging and monitoring platform

SAP on AWS Webinar - Sprinklr · PDF file · 2017-10-16SAP on AWS Webinar Deployment of SAP Solutions on AWS ... AWS AWS IAM CloudTrail AWS Quick Starts AWS Service Catalog ... Follows

AWS CloudTrail - ユーザーガイド...AWS CloudTrail ユーザーガイド CloudTrail の詳細 AWS CloudTrail とは AWS CloudTrail は、AWS アカウントのガバナンス、コンプライアンス、および運用とリスクの監査を

AWS CloudTrail - Guia do usuário...AWS CloudTrail Guia do usuário Como CloudTrail funciona Se for adicionada alguma região depois que você criar uma trilha que se aplica a todas

AWS CloudTrail - 使用者指南...AWS CloudTrail 使用者指南 CloudTrail 工作流程 CloudTrail API 建立線索時,這是預設選項。如需更多詳細資訊,請參閱

Webinar: Securely Configuring and Mining AWS CloudTrail

Integrate AWS CloudTrail

AWS Black Belt Techシリーズ AWS CloudTrail & CloudWatch Logs

Standardized Architecture for PCI DSS on the AWS … Architecture for PCI DSS on the AWS Cloud ... Logging, monitoring, and alerts using AWS CloudTrail, Amazon CloudWatch, and AWS

Decoding AWS CloudTrail with OSSEC Presented By: Barry O Meara – Pre Sales Engineer EMEA

Deep Dive: Infrastructure as Code - AWS - Amazon S3and...Deep Dive: Infrastructure as Code Steven Bryen – Solutions Architect, AWS Raj Wilkhu ... AWS CloudTrail ! AWS CloudWatch

AWS Config - Developer Guide Config Developer Guide Deleting a Service-Linked Role for AWS Config 157 Logging AWS Config API Calls with AWS CloudTrail 158 AWS Config Information

AWS Identity and Access Management - 사용 설명서 · 2021. 3. 1. · CloudTrail 로그의 IAM API 이벤트의 예..... 350 CloudTrail 로그의 AWS STS API 이벤트의 예

Code Signing for AWS IoT - Developer Guide · 2020-04-06 · Code Signing for AWS IoT Developer Guide Supported Regions CloudTrail You can use AWS CloudTrail to record API calls that

AWS Black Belt Tech シリーズ 2015 AWS CloudTrail & AWS Config

Aws cloudtrail Ug

Transparency and Control with AWS CloudTrail and AWS Config

Security on AWS - resources.trendmicro.com IAM Amazon CloudWatch AWS CloudTrail AWS Config AWS CloudFormation AWS Trusted Advisor

How banks are using Cloud to improve security AWS Christophe... · AWS Config. AWS CloudTrail. Amazon CloudWatch. VPC Flow Logs. AWS Systems Manager. AWS Shield. AWS WAF – Web application

(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:Invent 2014

AWS CloudTrail & AWS Config...2015/07/15  · AWS CloudTrail & AWS Config 2015/07/15 AWS Black Belt Tech Webinar 2015 アマゾンデータサービスジャパン株式会社 パートナー

Getting Started with AWS - Sysfore · AWS CloudTrail, AWS CodeDeploy, Amazon Cognito, Amazon DevPay, DynamoDB, ElastiCache, Amazon EC2, ... Getting Started with AWS Amazon Web Services

AWS CloudTrail - API Reference€¦ · 01/11/2013  · more information about the AWS SDKs, including how to download and install them, see Tools to Build on AWS . See the AWS CloudTrail

AWS CloudTrail - Guía del usuario · AWS CloudTrail Guía del usuario Funcionamiento de CloudTrail Un registro de seguimiento aplicable a todas las regiones Cuando se crea un registro

FortiSIEM 4.8.1 User Guide · 1.4.2.6.2 AWS CloudTrail API Configuration ... 1.4.2.8.2 Cisco ... 1.4.2.8.4 MalwareBytes Configuration

AWS CloudTrail & AWS Configd0.awsstatic.com/.../services/20150715-aws-blackbelt-cloudtrail_con… · AWS CloudTrail & AWS Config 2015/07/15 AWS Black Belt Tech Webinar 2015 アマゾンデータサービスジャパン株式会社

Introduction to AWS Security and Compliance€¦ · AWS CloudTrail CloudTrail can help you achieve many tasks • Security analysis • Track changes to AWS resources, for example

Deep Dive AWS CloudTrail

Consuming The DataLake€¦ · AWS KMS AWS CloudTrail Manage & Secure AWS IAM Amazon CloudWatch AWS Snowball AWS Storage Gateway Amazon Kinesis Data Firehose AWS Direct Connect AWS

AWS Black Belt Online Seminar AWS CloudTrail & AWS Config · 業界カットでの使い ... CloudFormation を使った通知 ... Sumologicの始め方 Part2: Sumologicの検索(CloudTrailのログ解析)

TECHNICAL BRIEF Expert-enabled SaaS Security built for AWS...AlertLogic.com EXPERT-ENABLED SAAS SECURITY BUILT FOR AWS 3 Security Integrated (cont.) AWS CLOUDTRAIL AWS CloudTrail records

(SEC318) AWS CloudTrail Deep Dive

Manage Security & Compliance of Your AWS Account using CloudTrail

AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Invent 2013

Getting Enterprises on Track with Advanced Analytics · AWS Dynamo AWS Batch AWS CloudTrail Amazon Redshift AWS Quicksight Reporting & dashboards BUSINESS INTELLIGENCE DATA ACCESS