Are You Logging Events in Your Cloud Implementations?

bleslie

AlienVault Employee
Not to sound dramatic, but log data is the lifeblood of your security posture. The data captured in the logs of your network devices, systems, and applications feeds into your Security Information and Event Management (SIEM) solution, telling you who, what, when, where, and how an attack happened—or, better yet—how an attack is happening so that you can respond immediately.

So, how does log management evolve as you migrate services and workloads to public cloud infrastructure? Read the blog by Danielle Russell, Sr. Product Marketing Manager, to learn our perspective - and then tell us: Are you logging events in your cloud implementations?

Comments

  • We log activity of cloud applications if we have the ability to. Some applications we can, some we can't.
  • Most of my products send logs to my sensor via the cloud. Everything that touches our domain controller gets reported.
  • Currently do not have anything in the cloud but moving that direction by the end of 3rd quarter.  Looking into our options for log collection to the USM.
  • We are just on the brink of moving to cloud apps as well. What logs we need from Office 365 will affect how I collect logs. I use AlienVault to be a "single point" for collecting so I will be trying to dump everything to AV.
  • We are only just starting to plan for the adoption of cloud resources but security (incl. AlienVault) will be a big part of this. 
  • Have not looked into sending logs from cloud apps to USM.  Need to investigate options soon.

  • We're new to cloud services, so I'm researching what data is available from those services to pull back into USM.  It'll be interesting to see how it works, and how reporting will look.



  • We currently don't have any cloud services, but I can see that changing. Having log collection for these services would be a high priority to me.
  • Absolutely - cloud is merely an extension to our on premise environments, and without logs you're blind!
  • We had a basic setup but we are starting to use more logs to enhance our own view on our systems.
  • We do not use cloud based systems. I am very cautious concerning using cloud-based solutions. If we did use cloud solutions, I would definitely save the logs for critical systems. Storage space is a huge concern when deciding which systems to save logs and for how long.
  • We currently have a single application in the cloud, and now we're looking at pulling it back to local (change in managers). Currently don't monitor, though if we don't move back soon we will!
  • We are logging everything.  The more I log, the more complete the AlienVault system can help protect my network.
  • We are a number of systems to the cloud.  We are working on setting this up.
  • In the cloud environment, how does AV monitor the NetFlow?
    Sensors will receive the logs from the hosts/devices. How will the network traffic be monitored? Most of the signatures received from OTX are based on NIDS.

    Please correct me if I'm wrong.
  • We currently in-house a lot of our data, but those that are housed in the cloud are being monitored by the vendor that provided the program. 

  • We log all cloud data back to our AlienVault. We are also in the process of continuing to define better directives to create better alarms in that "single pane of glass"
  • USM Anywhere has a pretty good idea for analyzing cloud traffic, but currently there is no plan to use a cloud-based sensor; in the future USM Anywhere might be used.
  • We used to have a USM for AWS when most of our servers were still in the cloud.
  • We in-house a lot of our data since we are an MSP and our clients sometimes prefer it that way.
  • Currently using NXLog to capture log data from Windows infrastructure but moving to Winlogbeat feeding into Kibana and then sending the data over to USM Anywhere. This way we get to collect logs once and analyse them in different systems - Kibana for App and performance monitoring and USM Anywhere for SIEM.
  • No cloud presence YET, but we know AlienVault will help us deal with it.
  • Our cloud is internal on an ESXi Virtual Center Stack, and we monitor all the student VMs with AlienVault.
  • No cloud services yet but soon will. Hopefully AV will be able to help...
  • Send my Palo Alto logs to USM, hoping to find correlations.
  • We run a Public Cloud solution (Software-as-a-Service), but log our data within the USM in our Private Cloud environment.
  • I think it is always necessary to have the most data to discover security breaches.
  • If using Office365 utilizing Azure AD, don't forget to pull down the AD logs into AlienVault.  Those logs are just as important as on prem AD logging.  With more companies making the move to Office365, I think Azure AD log visibility is becoming an afterthought.
  • Cloud logging is hard. 
  • We love our logs!