Centralizing Cloud Logs and Events with Microsoft Sentinel

Centralized cloud logging and monitoring is a crucial aspect of enterprise multicloud environments. Pulling cross-cloud events into a central SIEM / SOAR solution offers a consolidated view of all important logs and events generated across various accounts and regions, providing a single point of log access and an opportunity for log correlation.


In this webcast, join the authors of SEC549: Cloud Security Architecture to explore the push and pull logging architecture used by Microsoft Sentinel to ingest cross-cloud audit logs. Attendees will see the log journey from both AWS CloudTrail and Google Cloud Audit Logs into Microsoft Sentinel and learn some fun Kusto Query Language (KQL) queries to investigate cloud events.


Learning Objectives:

  • Understand push and pull log export architecture patterns
  • Learn how to set up a Sentinel data connector for AWS S3
  • Learn how to run Kusto Query Language (KQL) queries to find suspicious events

This webcast is based on content from SANS Institute SEC549: Cloud Security Architecture. Whether they are planning for the first workload, managing complex legacy environments, or operating in an advanced cloud-native ecosystem, SEC:549 teaches cyber security professionals how to design an enterprise-ready, scalable cloud organization. Click here for more information about SEC549 and access to the free Course Demo.

Speaker and Presenter Information

Eric Johnson

Relevant Government Agencies

Other Federal Agencies, Federal Government, State & Local Government

Event Type

Wed, May 29, 2024, 10:00am ET

Complimentary:    $ 0.00

Click here to visit event website

SANS Institute

Contact Event Organizer

Return to search results