
Most organizations are adopting a multi-cloud approach. Managing security and auditing across all of those cloud environments is a challenging task for administrators and security engineers. Azure Sentinel gives us the option of a single pane of glass for all security-related analytics and detection.

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail. Events include actions taken in the AWS Management Console, the AWS Command Line Interface, and the AWS SDKs and APIs.

Azure Sentinel supports numerous data connectors that we can leverage. This solution is viable in a multi-cloud scenario where the client wants to stick with their existing SIEM tool, Azure Sentinel. In order to have insights into both Azure and AWS on a single dashboard, Azure Sentinel can be integrated with the AWS CloudTrail service.

With the data received by Azure Sentinel, one can quickly build relevant use cases to monitor the wealth of data provided by CloudTrail, allowing AWS users to benefit from a powerful cloud-based SIEM product without a significant redesign of their AWS logging infrastructure. The main benefit of using an AWS S3 bucket for the integration is that you need to establish the integration from Sentinel to one (1) AWS account and S3 bucket instead of to all AWS accounts (the CloudTrail scenario). Side note: In the case example you can find in the next chapter, I have used three (3) different S3 buckets, one for each data type.

Connect your AWS CloudTrail with Azure Sentinel

Before we start, the following prerequisites are needed:

First step is to create a Log Analytics workspace in the Azure portal.

Second is to create a role in IAM within the AWS account. Go to the next step, which is permissions, and choose AWSCloudTrailReadOnlyAccess. Make sure Require External ID is selected, and then enter the External ID (Workspace ID), which can be found on the AWS connector page in the Azure Sentinel portal.
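The IAM role step above, as an added example that is not code from the original post: the trust policy that "Require External ID" produces, an audit helper that flags AssumeRole trust statements missing the sts:ExternalId condition, and a boto3 function that creates the role and attaches AWSCloudTrailReadOnlyAccess. The trusted account ID is a placeholder (the post does not give the account Sentinel assumes the role from), and the function names are my own.

```python
import json

# Assumed placeholders, not values from the original post: the account Sentinel
# assumes the role from, and the Workspace ID that serves as the External ID.
SENTINEL_TRUSTED_ACCOUNT = "<SENTINEL-AWS-ACCOUNT-ID-PLACEHOLDER>"
CLOUDTRAIL_READONLY_POLICY_ARN = "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess"


def build_trust_policy(trusted_account: str, external_id: str) -> dict:
    """Trust policy for the role Sentinel assumes. The sts:ExternalId condition is
    what 'Require External ID' adds: without it, anyone who can call AssumeRole
    from the trusted account could read your CloudTrail (confused deputy)."""
    if not external_id:
        raise ValueError("External ID (Workspace ID) must not be empty")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def trust_policy_findings(policy: dict) -> list:
    """Audit check for roles already in the account: flag Allow statements that
    grant sts:AssumeRole without an sts:ExternalId condition."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        cond = stmt.get("Condition", {})
        has_ext_id = any("sts:ExternalId" in keys for keys in cond.values()
                         if isinstance(keys, dict))
        if not has_ext_id:
            findings.append(f"statement {i}: AssumeRole without sts:ExternalId")
    return findings


def create_sentinel_role(role_name: str, trusted_account: str, external_id: str):
    """Creates the role and attaches AWSCloudTrailReadOnlyAccess with boto3.
    Needs AWS credentials, so it is not called at import time."""
    import boto3  # imported here so the policy helpers run without boto3
    iam = boto3.client("iam")
    doc = json.dumps(build_trust_policy(trusted_account, external_id))
    iam.create_role(RoleName=role_name, AssumeRolePolicyDocument=doc)
    iam.attach_role_policy(RoleName=role_name, PolicyArn=CLOUDTRAIL_READONLY_POLICY_ARN)
```

Run trust_policy_findings over the trust policies of existing cross-account roles to catch any that were created without the External ID.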
