Centralizing Cloud Logs and Events with Microsoft Sentinel

  • Wednesday, 29 May 2024 10:00AM EST (29 May 2024 14:00 UTC)
  • Speaker: Eric Johnson

Centralized cloud logging and monitoring is a crucial aspect of enterprise multicloud environments. Pulling cross-cloud events into a central SIEM / SOAR solution offers a consolidated view of all important logs and events generated across various accounts and regions, providing a single point of log access and an opportunity for log correlation.

In this webcast, join the authors of SEC549: Cloud Security Architecture to explore the push and pull logging architecture used by Microsoft Sentinel to ingest cross-cloud audit logs. Attendees will see the log journey from both AWS CloudTrail and Google Cloud Audit Logs into Microsoft Sentinel and learn some fun Kusto Query Language (KQL) queries to investigate cloud events.

Learning Objectives:

  • Understand push and pull log export architecture patterns
  • Learn how to set up a Sentinel data connector for AWS S3
  • Learn how to run Kusto Query Language (KQL) queries to find suspicious events

This webcast is based on content from SANS Institute SEC549: Cloud Security Architecture. Whether they are planning for the first workload, managing complex legacy environments, or operating in an advanced cloud-native ecosystem, SEC:549 teaches cyber security professionals how to design an enterprise-ready, scalable cloud organization. Click here for more information about SEC549 and access to the free Course Demo.

Webcast: Centralizing Cloud Logs and Events with Microsoft Sentinel