Centralizing Cloud Logs and Events with Microsoft Sentinel

  • Published: 11 Oct 2024
  • Centralized cloud logging and monitoring is a crucial aspect of enterprise multicloud environments. Pulling cross-cloud events into a central SIEM / SOAR solution offers a consolidated view of all important logs and events generated across various accounts and regions, providing a single point of log access and an opportunity for log correlation.
    In this webcast, join the authors of SEC549: Cloud Security Architecture to explore the push and pull logging architecture used by Microsoft Sentinel to ingest cross-cloud audit logs. Attendees will see the log journey from both AWS CloudTrail and Google Cloud Audit Logs into Microsoft Sentinel and learn some fun Kusto Query Language (KQL) queries to investigate cloud events.
    Learning Objectives:
    Understand push and pull log export architecture patterns
    Learn how to set up a Sentinel data connector for AWS S3
    Learn how to run Kusto Query Language (KQL) queries to find suspicious events
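    The following KQL query is an added illustration of the third objective; it is not material from the webcast or from the SEC549 course. It runs against AWSCloudTrail, the Log Analytics table the Sentinel AWS S3 data connector populates, and surfaces three classes of CloudTrail activity a responder usually wants to look at first: root account usage, failed console sign-ins, and privilege-granting IAM changes made from a session without MFA. Column names are assumed from that connector's schema; the lookback window and the list of IAM calls are arbitrary choices to adjust per environment.

```kql
// Added example (not from the webcast). Assumes the AWS S3 connector schema for
// AWSCloudTrail: TimeGenerated, EventName, EventSource, UserIdentityType,
// UserIdentityArn, SourceIpAddress, AWSRegion, ErrorMessage, ResponseElements,
// SessionMfaAuthenticated.
let lookback = 7d;
// IAM calls that grant or create credentials/permissions (illustrative list).
let sensitiveIamCalls = dynamic([
    "CreateUser", "CreateAccessKey", "CreateLoginProfile",
    "AttachUserPolicy", "PutUserPolicy", "UpdateAssumeRolePolicy"]);
AWSCloudTrail
| where TimeGenerated > ago(lookback)
| where
    // 1. Anything performed directly as the account root.
    UserIdentityType == "Root"
    // 2. Console sign-ins that did not succeed.
    or (EventName == "ConsoleLogin"
        and (isnotempty(ErrorMessage) or ResponseElements has "Failure"))
    // 3. Sensitive IAM changes from a session that was not MFA-authenticated.
    or (EventSource == "iam.amazonaws.com"
        and EventName in (sensitiveIamCalls)
        and tostring(SessionMfaAuthenticated) != "true")
| extend Reason = case(
    UserIdentityType == "Root", "root account activity",
    EventName == "ConsoleLogin", "failed console login",
    "IAM change without MFA")
// One row per principal/event/region with a small set of source IPs for triage.
| summarize Count = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            SourceIps = make_set(SourceIpAddress, 10)
    by Reason, UserIdentityArn, EventName, AWSRegion
| order by LastSeen desc
```

    Paste the query into the Sentinel Logs blade after the AWS S3 connector has delivered at least one CloudTrail batch; each row is a starting point for a hunt, not a verdict, so the next step is normally to pivot on UserIdentityArn and SourceIps over the same window.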
    About the Speakers:
    Eric Johnson is a Co-founder and Principal Security Engineer at Puma Security and a Senior Instructor with the SANS Institute. His experience includes cloud security assessments, cloud infrastructure automation, static source code analysis, web and mobile application penetration testing, secure development lifecycle consulting, and secure code review assessments. Eric is the lead author and an instructor for SEC540: Cloud Security and DevSecOps Automation and a co-author and instructor for both SEC549: Cloud Security Architecture, and SEC510: Cloud Security Controls and Mitigations. Additionally, Eric is a SANS Security Awareness Developer Training Advisory Board Member and SANS Analyst for Application Security and DevSecOps Surveys. Learn more about Eric at www.sans.org/p...
    David Hazar is a security consultant based in Salt Lake City, Utah focused on vulnerability management, application security, cloud security, and DevOps. David has 20+ years of broad, deep technical experience gained from a wide variety of IT functions held throughout his career, including: Developer, Server Admin, Network Admin, Domain Admin, Telephony Admin, Database Admin/Developer, Security Engineer, Risk Manager, and AppSec Engineer. David is a co-author and instructor for LDR516: Building and Leading Vulnerability Management Programs and SEC549: Cloud Security Architecture, as well as an instructor for and contributor to SEC540: Cloud Security and DevSecOps Automation, and has also developed and led technical security training initiatives at many of the companies for which he has worked. Learn more about David at www.sans.org/p...
    This webcast is based on content from SANS Institute SEC549: Cloud Security Architecture. Whether they are planning for the first workload, managing complex legacy environments, or operating in an advanced cloud-native ecosystem, SEC549 teaches cyber security professionals how to design an enterprise-ready, scalable cloud organization. Learn more, review the syllabus, and access your free course demo at www.sans.org/c...
    SANS Cloud Security focuses the deep resources of SANS on the growing threats to The Cloud by providing training, GIAC certification, research, and community initiatives to help security professionals build, deploy and manage secure cloud infrastructure, platforms, and applications.
    SANS Cloud Security Curriculum: www.sans.org/cloud-security
    GIAC Cloud Security Certifications: www.giac.org/f...
    LinkedIn: / sanscloudsec
    Discord: www.sansurl.com/cloud-discord
    Twitter: @SANSCloudSec

Comments • 1

  • @noname-vl6vy 2 months ago

    This is a big help,
    but can you have a session where you filter the logs from the AWS side before sending them to Sentinel? Is it even possible? How?