Редагувати

Поділитися через


Amazon Web Services S3 connector for Microsoft Sentinel

This connector allows you to ingest AWS service logs, collected in AWS S3 buckets, to Microsoft Sentinel. The currently supported data types are:

  • AWS CloudTrail
  • VPC Flow Logs
  • AWS GuardDuty
  • AWSCloudWatch

For more information, see the Microsoft Sentinel documentation.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) AWSGuardDuty
AWSVPCFlow
AWSCloudTrail
AWSCloudWatch
Data collection rules support Supported as listed
Supported by Microsoft Corporation

Query samples

High severity findings summarized by activity type

AWSGuardDuty
         
| where Severity > 7
         
| summarize count() by ActivityType

Top 10 rejected actions of type IPv4

AWSVPCFlow
         
| where Action == "REJECT"
         
| where Type == "IPv4"
         
| take 10

User creation events summarized by region

AWSCloudTrail
         
| where EventName == "CreateUser"
         
| summarize count() by AWSRegion

Prerequisites

To integrate with Amazon Web Services S3 make sure you have:

  • Environment: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.

Vendor installation instructions

  1. Set up your AWS environment

The​re are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:

  1. Add connection

Next steps

For more information, go to the related solution in the Azure Marketplace.