Amazon Web Services S3 connector for Microsoft Sentinel
This connector lets you ingest AWS service logs, collected in AWS S3 buckets, into Microsoft Sentinel. The currently supported data types are:
- AWS CloudTrail
- VPC Flow Logs
- AWS GuardDuty
- AWS CloudWatch
For more information, see the Microsoft Sentinel documentation.
This is autogenerated content. For changes, contact the solution provider.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | AWSGuardDuty, AWSVPCFlow, AWSCloudTrail, AWSCloudWatch |
| Data collection rules support | Supported as listed |
| Supported by | Microsoft Corporation |
Query samples
High severity findings summarized by activity type

```kusto
AWSGuardDuty
// GuardDuty's "High" band is 7.0-8.9, so >= 7 (not > 7) includes 7.0 findings
| where Severity >= 7
| summarize count() by ActivityType
```

Ten rejected actions of type IPv4

```kusto
AWSVPCFlow
| where Action == "REJECT"
| where Type == "IPv4"
| take 10
```

`take 10` returns an arbitrary ten matching rows, not the most recent ones; use `top 10 by TimeGenerated desc` if ordering matters.

User creation events summarized by region

```kusto
AWSCloudTrail
| where EventName == "CreateUser"
| summarize count() by AWSRegion
```
Prerequisites
To integrate with Amazon Web Services S3, make sure you have:
- Environment: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.
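The IAM role the connector assumes is a cross-account trust, so two things matter most in the "IAM roles and permissions policies" prerequisite: the trust policy must pin the assuming account to an `sts:ExternalId` (the workspace ID) so a third party cannot use Sentinel's account as a confused deputy, and the permissions policy must be scoped to the one bucket and queue rather than a wildcard. The following added example (not part of this page or Microsoft's own tooling) builds both policy documents and lints them for those two mistakes. The account ID, workspace ID, bucket and queue ARNs are constructed placeholders, and the set of SQS actions in `REQUIRED_ACTIONS` is an assumption to check against the Microsoft Sentinel documentation for this connector.

```python
"""Build and lint the cross-account IAM policies for an S3 + SQS log connector."""
import json
from fnmatch import fnmatchcase

# All values below are constructed placeholders, not taken from the page;
# substitute your own account, workspace, bucket and queue identifiers.
SENTINEL_AWS_ACCOUNT_ID = "111111111111"   # assumption: the account that assumes the role
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"  # assumption: used as the ExternalId
BUCKET_ARN = "arn:aws:s3:::example-sentinel-logs"
QUEUE_ARN = "arn:aws:sqs:us-east-1:222222222222:example-sentinel-queue"

# Assumed minimum: read the object named in an SQS notification, then
# acknowledge (delete) the notification. Verify against the connector docs.
REQUIRED_ACTIONS = {
    "s3:GetObject",
    "sqs:ReceiveMessage",
    "sqs:DeleteMessage",
    "sqs:ChangeMessageVisibility",
    "sqs:GetQueueUrl",
}


def trust_policy(principal_account: str, external_id: str) -> dict:
    """Trust policy: one foreign account may assume the role, only with this ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{principal_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def permissions_policy(bucket_arn: str, queue_arn: str) -> dict:
    """Least-privilege grants: read objects in one bucket, consume one queue."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{bucket_arn}/*"},
            {"Effect": "Allow",
             "Action": sorted(REQUIRED_ACTIONS - {"s3:GetObject"}),
             "Resource": queue_arn},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_trust_policy(doc: dict) -> list:
    """Flag AssumeRole grants that are open to any principal or lack an ExternalId pin."""
    findings = []
    for i, st in enumerate(doc.get("Statement", [])):
        if st.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(st.get("Action", [])):
            continue
        principal = st.get("Principal", {})
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            findings.append(f"statement {i}: any AWS principal may assume the role")
        cond = st.get("Condition", {}).get("StringEquals", {})
        if not cond.get("sts:ExternalId"):
            findings.append(f"statement {i}: cross-account AssumeRole without sts:ExternalId condition")
    return findings


def lint_permissions_policy(doc: dict) -> list:
    """Flag wildcard actions/resources and report required actions nothing grants."""
    findings = []
    granted = set()
    for i, st in enumerate(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"statement {i}: wildcard resource grants {actions} on every bucket/queue")
        granted.update(actions)
    # Wildcards such as s3:* do cover s3:GetObject, so match with glob semantics.
    missing = sorted(r for r in REQUIRED_ACTIONS if not any(fnmatchcase(r, g) for g in granted))
    if missing:
        findings.append(f"missing required actions: {missing}")
    return findings


# Constructed weak variants, for comparison with the scoped policies above.
WEAK_TRUST = trust_policy(SENTINEL_AWS_ACCOUNT_ID, WORKSPACE_ID)
del WEAK_TRUST["Statement"][0]["Condition"]          # forgets the ExternalId pin
WEAK_PERMS = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": ["s3:*", "sqs:*"], "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(trust_policy(SENTINEL_AWS_ACCOUNT_ID, WORKSPACE_ID), indent=2))
    print(json.dumps(permissions_policy(BUCKET_ARN, QUEUE_ARN), indent=2))
    for name, doc, lint in (("trust", WEAK_TRUST, lint_trust_policy),
                            ("permissions", WEAK_PERMS, lint_permissions_policy)):
        for finding in lint(doc):
            print(f"weak {name} policy: {finding}")
```

Run it to print the two scoped policy documents and the findings for the weak variants; the same lint functions can be pointed at a policy pulled from your own account with `aws iam get-policy-version` to confirm the role Sentinel uses has not drifted to a wildcard.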
Vendor installation instructions
- Set up your AWS environment
There are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:
- Add connection
Next steps
For more information, go to the related solution in the Azure Marketplace.