Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

Aviata Cloud Solo Flight Challenge Chapter 5: Centralizing Cross Cloud Security Events

  • Thu, Aug 29, 2024
  • 10:00AM - 12:00PM UTC
  • English
  • Eric Johnson
  • Technical Presentation
Login to register
Webcast Hero

Captain KubeAce Maverick and the Aviata team are still reeling from the Kubernetes attack that resulted in the theft of their valuable flight plan and pilot data. While the cloud team was able to hunt down the Baron Von Herrington crew member responsible for the breach, a critical design flaw was exposed. Captain Maverick’s Kubernetes network and audit logs were stored locally in the Aviata team’s AWS account, rather than centrally monitored by the security operations team.

Recognizing the logging architecture deficiency, Captain Maverick is bringing in expert Chief Architect Bessie Coleman to design a new logging strategy. Architect Coleman is recommending that the Aviata team’s Kubernetes audit logs be sent into the security operation team’s centralized Microsoft Sentinel workspace, where security events can be quickly detected and contained.

The new logging architecture requires your help. Permissions must be granted for the Microsoft Sentinel workspace to read the logs from the Aviata team’s AWS account. Event triggers are needed to notify Sentinel when new data is available. Log transformation and loading may be required for Sentinel to process the data. Join us to help Captain Maverick and the Aviata team bring their centralized monitoring, detection, and alerting capabilities to new heights.

Each monthly workshop in the series is independent of the others. There are no technical or educational dependencies from one to the others.

Who Should Attend

This workshop is ideal for cloud security professionals, DevOps engineers, system administrators, and anyone involved in cross-cloud security operations. Attendees will gain expertise in centralizing security event monitoring across multiple cloud platforms using Microsoft Sentinel and AWS.

Learning Objectives

  • Create a Microsoft Sentinel workspace
  • Understand how workload identity can allow an Azure service to assume an AWS IAM Role
  • Connect Microsoft Sentinel to Amazon Web Services to ingest Kubernetes log data
  • Write KQL queries to detect malicious Kubneretes events

Please scroll down for prerequisites and laptop requirements.

Meet the speaker

Eric Johnson
Eric Johnson

Eric Johnson

Principal Security Engineer

Eric is a co-founder and principal security engineer at Puma Security focusing on modern static analysis product development and DevSecOps automation. He is co-author and instructor for three SANS Cloud Security courses.

Read more about Eric Johnson