Forum Discussion
Loading Cloudfront logs into Sentinel
Hi, I am after suggestions on the best way of loading AWS Cloudfront logs into Microsoft Sentinel. I have the Sentinel AWS connector deployed and it is ingesting Cloudtrail events. The connector do...
Please share the link you found about this.
I looked at Logic Apps and couldn't see an easy way to do this. There are connectors to read from AWS S3 and write to Log Analytics. I couldn't see an easy way to translate the data - write to log analytics requires the data be in JSON format.
I looked at Logic Apps and couldn't see an easy way to do this. There are connectors to read from AWS S3 and write to Log Analytics. I couldn't see an easy way to translate the data - write to log analytics requires the data be in JSON format.
Did you manage to find a solution? I am starting to explore this now as well.
- Not as of yet.
Passing the logs through Cloudwatch looks to be the easiest way. The Sentinel connector can pick these up natively. My concern with this is that it would bill for ingested data twice.- I didn't think about the data possibly being ingested twice.