What Tables to use when enabling AWS WAF, CloudFront, Sign-in logs in S3 buckets?


When I enable the Sentinel Connector for AWS S3, there are 3 built-in tables to select from: CloudTrail, GuardDuty, and VPCFlowLogs. 

What Tables to use when enabling AWS WAF, CloudFront, Sign-in etc. logs in S3 buckets to flow into Sentinel?

There are 3 built-in SQS types: CloudTrail, GuardDuty, and VPCFlowLogs to select from. Is it best to use 1 simple SQS for all types of logs in the one SIEM account S3 bucket and CloudTrail, ..., types of logs subsequent S3 buckets? 

Hope to hear from you experts. Thank you.

0 Replies