Sumo Logic AWS CloudTrail Application
The Sumo Logic Application for CloudTrail provides proactive analytics and visualization on top of the CloudTrail log data to provide actionable security and operations forensics.

Presentation Transcript

  • Sumo’s CloudTrail Integration - Overview (Ariel Smoliar)
  • Agenda
      - What is CloudTrail
      - CloudTrail Integration
      - CloudTrail Use Cases
      - Additional Resources
  • What is CloudTrail?
      - You are making API calls…
      - On a growing set of services around the world…
      - CloudTrail is continuously recording API calls…
      - And delivering log files to you. Nice, right? Let’s have some more details…
  • What is CloudTrail?
      - CloudTrail records API calls in your account and delivers a log file to your S3 bucket
      - Typically delivers an event within 15 minutes of the API call
      - Log files are delivered about every 5 min
  • AWS Services Supported by CloudTrail
  • Recording API Calls - Variety of Use Cases
  • Information in a recorded API call
      - Who made the API call?
      - When was the API call made?
      - What was the API call?
      - What were the resources that were acted upon in the API call?
      - Where was the API call made from?
  • What is NOT recorded?
      - State transitions of AWS resources. Example: an EC2 instance transitioning from pending to a running state
      - Allowed or denied traffic information for VPC security groups and ACLs
      - Successful and failed AWS Management Console sign-in events
  • CloudTrail Integration
  • CloudTrail Integration
  • CloudTrail Logs
  • AWS Console
  • AWS Console - S3 Bucket
  • CloudTrail Use Cases (User Monitoring, Operations, Network and Security)
      - Geo Location of All Users
      - Requested AWS services over time
      - Main users in the AWS account
      - Admin users activities over time
      - Authorization failures over time
      - Recent Activity by Administrative Users
      - Created and Deleted Network Security Events
      - Launched and terminated instances by user
      - Network and Security Events Over Time
      - Recent Security Group and Network ACL Changes
      - Network ACL with All Allowed Ingress/Egress
      - API calls by AWS region
      - Elastic IP address operations
      - Created and deleted resources over time
  • User Monitoring Dashboard
  • Network and Security Dashboard
  • Operations Dashboard
  • Multiple Environments
  • Admin Users
  • Sumo’s CloudTrail Documentation
  • Additional Resources
      - CloudTrail blog
      - Applications webpage
      - CloudTrail press release
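As an added example (not code from the deck or from Sumo Logic), the Python below parses a constructed CloudTrail log file, answers the who/when/what/resources/where questions for each recorded API call, and rolls the records up into three of the use cases listed above: authorization failures by user, recent security group and network ACL changes, and API calls by AWS region. The sample records and the rule that string-valued request parameters stand in for the touched resources are assumptions; the record field names and the EC2 API names are real.

```python
import json
from collections import Counter
# Constructed sample log file in CloudTrail's S3 object layout (a "Records" list).
# Field names follow the real record schema; every value here is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-03-10T18:00:01Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-0123abcd"}},
    {"eventTime": "2014-03-10T18:02:15Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2014-03-10T18:03:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteNetworkAclEntry", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"networkAclId": "acl-9876fedc", "ruleNumber": 100}},
]})

# Real EC2 API names that change security groups or network ACLs.
NETWORK_SECURITY_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup", "CreateNetworkAcl", "DeleteNetworkAcl",
    "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry",
}

def who(rec):
    # IAM user name when present; root and assumed roles only carry an ARN.
    ident = rec.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")

def summarize(rec):
    # The five questions a recorded call answers: who, when, what, which resources, from where.
    params = rec.get("requestParameters") or {}
    return {"who": who(rec), "when": rec["eventTime"],
            "what": rec["eventSource"] + ":" + rec["eventName"],
            # Assumption: string-valued request parameters stand in for the touched resources.
            "resources": {k: v for k, v in params.items() if isinstance(v, str)},
            "where": rec["sourceIPAddress"] + " (" + rec["awsRegion"] + ")"}

def analyze(log_text):
    # Roll one log file up into three of the dashboard views the deck lists.
    records = json.loads(log_text)["Records"]
    return {"auth_failures_by_user": Counter(who(r) for r in records if r.get("errorCode") == "AccessDenied"),
            "network_security_changes": [summarize(r) for r in records if r["eventName"] in NETWORK_SECURITY_EVENTS],
            "calls_by_region": Counter(r["awsRegion"] for r in records)}
```

Running `analyze(SAMPLE_LOG)` flags bob's AccessDenied call, lists alice's ingress rule change and the root ACL entry deletion with the resource IDs they touched, and counts two calls from us-east-1 and one from eu-west-1.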