Amazon Web Services S3 connector for Microsoft Sentinel

This connector allows you to ingest AWS service logs, collected in AWS S3 buckets, to Microsoft Sentinel. The currently supported data types are:

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute	Description
Log Analytics table(s)	AWSGuardDuty AWSVPCFlow AWSCloudTrail AWSCloudWatch
Data collection rules support	Supported as listed
Supported by	Microsoft Corporation

High severity findings summarized by activity type

Kusto

AWSGuardDuty
         
| where Severity > 7
         
| summarize count() by ActivityType

Top 10 rejected actions of type IPv4

Kusto

AWSVPCFlow
         
| where Action == "REJECT"
         
| where Type == "IPv4"
         
| take 10

User creation events summarized by region

Kusto

AWSCloudTrail
         
| where EventName == "CreateUser"
         
| summarize count() by AWSRegion

To integrate with Amazon Web Services S3 make sure you have:

Environment: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.

There are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:

For more information, go to the related solution in the Azure Marketplace.

Документация

Amazon Web Services connector for Microsoft Sentinel

Learn how to install the connector Amazon Web Services to connect your data source to Microsoft Sentinel.
Connect Microsoft Sentinel to Amazon Web Services to ingest AWS service log data

Use the AWS connector to delegate Microsoft Sentinel access to AWS resource logs, creating a trust relationship between Amazon Web Services and Microsoft Sentinel.
Connect Microsoft Sentinel to Amazon Web Services to ingest AWS WAF logs

Use the Amazon Web Services (AWS) S3-based Web Application Firewall (WAF) connector to ingest AWS WAF logs, collected in AWS S3 buckets, to Microsoft Sentinel.
Troubleshoot AWS S3 connector issues - Microsoft Sentinel

Troubleshoot AWS S3 connector issues in Microsoft Sentinel.
Ingest CloudWatch logs to Microsoft Sentinel - create a Lambda function to send CloudWatch events to S3 bucket

In this article, you create a Lambda function to send CloudWatch events to an S3 bucket.
Connect Microsoft Sentinel to other Microsoft services by using diagnostic settings-based connections

Learn how to connect Microsoft Sentinel to Microsoft services with diagnostic settings-based connections.
Microsoft Sentinel service limits

This article provides a list of service limits for Microsoft Sentinel.
Azure Storage Account connector for Microsoft Sentinel

Learn how to install the connector Azure Storage Account to connect your data source to Microsoft Sentinel.

Обучение

Модул

Connect data to Microsoft Sentinel using data connectors

Сертифициране

Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.