Forum Discussion
Loading Cloudfront logs into Sentinel
Hi, I am after suggestions on the best way of loading AWS Cloudfront logs into Microsoft Sentinel. I have the Sentinel AWS connector deployed and it is ingesting Cloudtrail events. The connector do...
Did you manage to find a solution? I am starting to explore this now as well.
Not as of yet.
Passing the logs through Cloudwatch looks to be the easiest way. The Sentinel connector can pick these up natively. My concern with this is that it would bill for ingested data twice.
Passing the logs through Cloudwatch looks to be the easiest way. The Sentinel connector can pick these up natively. My concern with this is that it would bill for ingested data twice.
- I didn't think about the data possibly being ingested twice.