cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Integration with Amazon s3

Steve Switzer
Copper Contributor

‎Sep 07 2017 06:46 AM

‎Sep 07 2017 06:46 AM

Integration with Amazon s3

Hi All

 

Nice to be here.

We would like to monitor out amazon s3 estate and since we have what is effectively a CASB in microsoft cloud app security the i was thinking of using the api to push logs from the amazon s3 to CAP.

Now at cloud sec last week had a chat to a top amazon techie and he suggested using cloud trail and putting that into our SIEM would be a better solution , he suggested that the APIs to connect to CAP might not read all of the amazon data whereas cloud trail would see more.

Personnally the CAP seems to just work unlike a SIEM which i think would take a lot of tuning.

Had anyone actually done this .....  pushed amazon data via an api into the CAP .. does it work ok and what do you think of it . 

Labels:
3,526 Views
0 Likes
4 Replies
Reply
4 Replies
Dima Donhin

‎Sep 07 2017 07:50 AM

‎Sep 07 2017 07:50 AM

Re: Integration with Amazon s3

Hello Steve,

In answering I'll assume that by CAP you mean Cloud App Security (CAS), which is the Microsoft CASB product.

CAS is not meant to act as a SIEM server and consume various logs from services. It has a list of services that are supported, once of which is AWS.

The current AWS support does not include S3 monitoring, but it is something is that planned for the future.

In the meantime you can read mroe info about the CAS integration with AWS here: https://docs.microsoft.com/en-us/cloud-app-security/connect-aws-to-microsoft-cloud-app-security

 

Regards,

Dima.

0 Likes
Reply
Steve Switzer

‎Sep 07 2017 07:51 AM

‎Sep 07 2017 07:51 AM

RE: Integration with Amazon s3

Thanks Dima
0 Likes
Reply
Steve Switzer

‎Sep 07 2017 07:54 AM

‎Sep 07 2017 07:54 AM

RE: Integration with Amazon s3

Looking at the doc you gave me it looks like this is a json config to allow cloud trail so if i put cloudtrail into the CAS then there isnt a lot of point putting it into to the SIEM , i am quite new to this so feel free to correct me
0 Likes
Reply
Dima Donhin

‎Sep 07 2017 07:58 AM

‎Sep 07 2017 07:58 AM

Re: RE: Integration with Amazon s3

The JSON in the doc is specific to the events that CAS knows and can process and parse, if you provide events that are unfamiliar they will not be processed.

 

0 Likes
Reply