cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

AWS WAF logs to Sentinel and the S3 Data Connector

Porter76
Copper Contributor

‎Aug 22 2023 01:23 PM

‎Aug 22 2023 01:23 PM

AWS WAF logs to Sentinel and the S3 Data Connector

Looking to get our AWF WAF logs into Sentinel but not really sure which route to take. Looking at the S3 data connector, there's only 4 data tables (VPCFlow, Guardduty, Cloudtrails, Cloudwatch) which makes me think I can't send these logs to an S3 bucket and have Sentinel ingest them as the logs won't be supported.

 

What are my options here as far as getting these logs into the SIEM? Custom connectors?

 

Thanks.

Labels:
153 Views
0 Likes
1 Reply
Reply
1 Reply
BillClarksonAntill

‎Sep 14 2023 09:36 PM

‎Sep 14 2023 09:36 PM

Re: AWS WAF logs to Sentinel and the S3 Data Connector

here's a list of options for getting data from AWS into Microsoft Sentinel

Custom connectors is an approach you can go down
Codeless connectors is another good option API to API connectivity
out of the box AWS connectors
Content Hub has some cool stuff

Build something yourself using a Logic app / Function App / Cribl Logstream (if you have this)

Really depends what you are trying to achieve.
0 Likes
Reply