Centralizing Cloud Logs and Events with Microsoft Sentinel

Centralized cloud logging and monitoring is a crucial aspect of enterprise multicloud environments. Pulling cross-cloud events into a central SIEM / SOAR solution offers a consolidated view of all important logs and events generated across various accounts and regions, providing a single point of log access and an opportunity for log correlation.

 

In this webcast, join the authors of SEC549: Cloud Security Architecture to explore the push and pull logging architecture used by Microsoft Sentinel to ingest cross-cloud audit logs. Attendees will see the log journey from both AWS CloudTrail and Google Cloud Audit Logs into Microsoft Sentinel and learn some fun Kusto Query Language (KQL) queries to investigate cloud events.

 

Learning Objectives:

  • Understand push and pull log export architecture patterns
  • Learn how to set up a Sentinel data connector for AWS S3
  • Learn how to run Kusto Query Language (KQL) queries to find suspicious events

This webcast is based on content from SANS Institute SEC549: Cloud Security Architecture. Whether they are planning for the first workload, managing complex legacy environments, or operating in an advanced cloud-native ecosystem, SEC:549 teaches cyber security professionals how to design an enterprise-ready, scalable cloud organization. Click here for more information about SEC549 and access to the free Course Demo.

Speaker Details

Eric Johnson

Event Topic

Cloud Computing, IT, Technology

Relevant Audiences

All State and Local Government, All Federal Government

Other Agency

Other Federal Agencies
Centralizing Cloud Logs and Events with Microsoft Sentinel
Event Type
Virtual / Online
Event Subtype
Webinar / Webcast
When
Wed, May 29, 2024 | 10:00 am ET
Registration Cost
Complimentary
Website
Click here to view event website
Organizer
SANS Institute