Can I ingest AWS Load Balancer logs into Azure Sentinel and also automate it?


I want to push AWS Load Balancer logs to Azure Sentinel and automate it. Can I do that? If yes, then please help me: how is it possible?

3 Replies

@Tayyab_Ilyas Depends what you mean by automate. Not being all that familiar with AWS, I would guess you could get the logs pushed to S3 and ingested into Microsoft Sentinel.

From there, you could write an analytic rule that triggers off that information and have a Playbook kick off automatically when an incident is created.

If you want this to do something in AWS, you would need to create automation in AWS that can be kicked off by the playbook (probably via a REST call).

@Gary Bushey "From there, you could write an analytic rule that triggers off that information and have a Playbook kick off automatically when an incident is created"
Yes, I want this, but without a Lambda function. Is that possible?

If you want the automation to occur in Azure, and based on the text you selected you do, then you would need to set up an Automation rule that triggers whenever the incident you care about gets created. This link is a good place to start: https://docs.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules