Logstash for AWS security events?

Hi All,

I am new to Elasticsearch, and I have been assigned to a task to ingest AWS (CloudTrail, Config, and GuardDuty logs) from S3 buckets to Elastic Cloud for Security Compliance. This is the initial scope for Elastic, but it might change in a near future.

I wonder if there's a way to benefit from Logstash features without the necessity to deploy EC2 instances or containers. I have workmates who would prefer a lambda to parse and ingest logs to Elastic Cloud, as ideally we wouldn't like to manage any extra infrastructure to run Logstash. I am a bit concerned about losing the ability to use Logstash plugins and capabilities if we opt to go ahead with the lambda design.

Can anyone shed some light on this and help with some insights about pros and cons of using a lambda function to ingest logs to Elastic Cloud over Logstash?

Many thanks for your attention.

Marcos

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.