Sumo Logic AWS CloudTrail Application

The Sumo Logic Application for CloudTrail provides proactive analytics and visualization on top of the CloudTrail log data to provide actionable security and operations forensics.

Published in: Technology


  1. Sumo's CloudTrail Integration - Overview (Ariel Smoliar)
  2. Agenda
     - What is CloudTrail
     - CloudTrail Integration
     - CloudTrail Use Cases
     - Additional Resources
  3. What is CloudTrail?
     - You are making API calls...
     - on a growing set of services around the world...
     - CloudTrail is continuously recording those API calls...
     - and delivering log files to you. Nice, right? Let's have some more details...
  4. What is CloudTrail?
     - CloudTrail records API calls in your account and delivers log files to an S3 bucket you own
     - An event is typically available within 15 minutes of the API call
     - Log files are delivered roughly every 5 minutes
  5. AWS Services Supported by CloudTrail
  6. Recording API Calls - Variety of Use Cases
  7. Information in a recorded API call
     - Who made the API call?
     - When was the API call made?
     - What was the API call?
     - What resources were acted upon in the API call?
     - Where was the API call made from?
  8. What is NOT recorded?
     - State transitions of AWS resources. Example: an EC2 instance transitioning from pending to running
     - Allowed or denied traffic information for VPC security groups and network ACLs
     - Successful and failed AWS Management Console sign-in events (true when this deck was written; CloudTrail has since added ConsoleLogin events)
  9. CloudTrail Integration
  10. CloudTrail Integration
  11. CloudTrail Logs
  12. AWS Console
  13. AWS Console - S3 Bucket
  14. CloudTrail Use Cases (dashboard panels, grouped by the dashboard they belong to)
     - User Monitoring: Geo Location of All Users; Main users in the AWS account; Admin users activities over time; Authorization failures over time; Recent Activity by Administrative Users
     - Operations: Requested AWS services over time; Launched and terminated instances by user; API calls by AWS region; Created and deleted resources over time
     - Network and Security: Created and Deleted Network Security Events; Network and Security Events Over Time; Recent Security Group and Network ACL Changes; Network ACL with All Allowed Ingress/Egress; Elastic IP address operations
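The slides describe what a CloudTrail record contains (slide 7) and which questions the dashboards answer (slide 14) but show no log data. The script below is an added example, not code from the deck or from Sumo Logic's application: it parses a CloudTrail log file in the delivery format (gzip-compressed JSON with a top-level "Records" array), extracts the who / when / what / where fields, and runs the slide-14 style checks (authorization failures, root activity, security group and network ACL changes, rules open to 0.0.0.0/0, instance launches and terminations, API calls by region). The three records, account ID, IPs and resource IDs are constructed for the example, and the event-name sets are my own selection rather than an official list.

```python
import gzip
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file format (a JSON object whose
# "Records" array holds one object per API call). Not real events: the
# account ID, IP addresses and resource IDs are made up for this example.
SAMPLE_LOG = {"Records": [
    {"eventVersion": "1.0", "eventTime": "2014-03-06T21:01:59Z",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "123456789012"},
     "eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventVersion": "1.0", "eventTime": "2014-03-06T21:05:12Z",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "123456789012"},
     "eventSource": "ec2.amazonaws.com", "eventName": "TerminateInstances",
     "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.7",
     "errorCode": "UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation.",
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0abc1234"}]}}},
    {"eventVersion": "1.0", "eventTime": "2014-03-06T21:07:44Z",
     "userIdentity": {"type": "Root", "accountId": "123456789012"},
     "eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"instanceType": "m1.small"}},
]}

# Event names that change security groups or network ACLs, and error codes
# that indicate a denied call. These sets are my selection for the example.
NETWORK_SECURITY_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
    "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry",
}
AUTH_FAILURE_CODES = {"AccessDenied", "AccessDeniedException", "UnauthorizedOperation"}
INSTANCE_LIFECYCLE_EVENTS = {"RunInstances", "TerminateInstances"}


def sample_log_bytes() -> bytes:
    """Package the constructed sample the way CloudTrail delivers it to S3: gzip JSON."""
    return gzip.compress(json.dumps(SAMPLE_LOG).encode())


def load_log_file(data: bytes) -> list:
    """Parse one CloudTrail log file (gzip-compressed JSON; plain JSON is accepted too)."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        data = gzip.decompress(data)
    return json.loads(data)["Records"]


def summarize(record: dict) -> dict:
    """Extract the who / when / what / where of one recorded API call (slide 7)."""
    ident = record.get("userIdentity", {})
    return {
        "who": ident.get("userName") or ident.get("arn") or ident.get("type"),
        "is_root": ident.get("type") == "Root",
        "when": record["eventTime"],
        "what": f"{record['eventSource']}:{record['eventName']}",
        "where": record.get("sourceIPAddress"),
        "region": record.get("awsRegion"),
        "error": record.get("errorCode"),
    }


def _contains(obj, value) -> bool:
    """Recursively search nested request parameters for a given value."""
    if isinstance(obj, dict):
        return any(_contains(v, value) for v in obj.values())
    if isinstance(obj, list):
        return any(_contains(v, value) for v in obj)
    return obj == value


def findings(records: list) -> list:
    """Run the slide-14 style checks and return (kind, summary) pairs in record order."""
    out = []
    for r in records:
        s = summarize(r)
        if s["error"] in AUTH_FAILURE_CODES:
            out.append(("authorization_failure", s))
        if s["is_root"]:
            out.append(("root_activity", s))
        if r["eventName"] in NETWORK_SECURITY_EVENTS:
            out.append(("network_security_change", s))
            # A rule admitting all of IPv4 is the "allowed ingress/egress" case to alert on.
            if _contains(r.get("requestParameters"), "0.0.0.0/0"):
                out.append(("open_to_world", s))
        # Only count launches/terminations that actually succeeded.
        if r["eventName"] in INSTANCE_LIFECYCLE_EVENTS and not s["error"]:
            out.append(("instance_lifecycle", s))
    return out


def api_calls_by_region(records: list) -> Counter:
    """Per-region call counts, the basis of the 'API calls by AWS region' panel."""
    return Counter(r.get("awsRegion") for r in records)


if __name__ == "__main__":
    recs = load_log_file(sample_log_bytes())
    for kind, s in findings(recs):
        print(f"{kind:24} {s['when']} {s['who']:8} {s['what']} from {s['where']}")
    print(dict(api_calls_by_region(recs)))
```

Against the constructed sample the script flags alice's world-open SSH rule, bob's denied TerminateInstances call, and the root user's RunInstances. Note that the denied call is reported as an authorization failure but not as an instance termination: CloudTrail records failed calls with an errorCode, so anything that counts "launched and terminated instances" has to filter on the absence of an error or it will overstate activity.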
  15. User Monitoring Dashboard
  16. Network and Security Dashboard
  17. Operations Dashboard
  18. Multiple Environments
  19. Admin Users
  20. Sumo's CloudTrail Documentation: CloudTrail documentation
  21. Additional Resources
     - CloudTrail blog
     - Applications webpage
     - CloudTrail press release
