Ingesting from AWS & Azure

Hi All

Just wondering if people are collecting logs from AWS or Azure and sending them to Elastic SIEM? GuardDuty, CloudTrail, etc. How have you achieved this if so?

Hi @darkbeatz,

Short answer: yes. Our customers are collecting AWS and Azure logs into Elastic Security. We recently posted a blog where we outline a solution end-to-end to use the Filebeat module for AWS (or Azure) to collect the data and then leverage the free analytics we are shipping in the product to detect anomalous or malicious behavior. Also, make sure you check out the ML jobs we have available if you deploy in Elastic Cloud as they can easily detect anomalies at scale.

Let us know if you have any more questions or comments!
