Porter76 (Brass Contributor)
Aug 22, 2023
AWS WAF logs to Sentinel and the S3 Data Connector
Looking to get our AWS WAF logs into Sentinel but not really sure which route to take. Looking at the S3 data connector, there are only 4 data tables (VPC Flow, GuardDuty, CloudTrail, CloudWatch), which makes me think I can't send these logs to an S3 bucket and have Sentinel ingest them, as the logs won't be supported.
What are my options here as far as getting these logs into the SIEM? Custom connectors?
Thanks.
- BillClarksonAntill (Iron Contributor)
  Here's a list of options for getting data from AWS into Microsoft Sentinel:
  - Custom connectors are an approach you can go down
  - Codeless connectors are another good option (API to API connectivity)
  - Out-of-the-box AWS connectors
  - Content Hub has some cool stuff
  - Build something yourself using a Logic App / Function App / Cribl LogStream (if you have this)

  Really depends on what you are trying to achieve.