Cloud Security Monitoring at Auth0 - Art into Science
Post on 07-Feb-2017
Cloud Security Monitoring
Art into Science: A Conference for Defense
Eugene Kogan - @eugk - January, 2017
Splunk, Graylog, Elastic Stack, Loggly, Logentries, Fluentd, Sumo Logic
AWS, G Suite, Dropbox, GitHub, GitLab, Slack, Zendesk, Salesforce, Jenkins, Syslog, Webhooks
_sourceCategory=cloudtrail_aws_logs*
| json auto
| where event_name matches "*Trail" or event_name matches "StartLogging" or event_name matches "StopLogging"
| lookup awsaccountname from /shared/awsaccounts on recipient_account_id = awsaccountid
| count as count by event_name, recipient_account_id, awsaccountname, user_name, principle_id, accesskey_id
Action items
Know which cloud services your organization uses
Have a modern platform for collection, analysis, alerting
Collect the right data from cloud and internal systems
Use this data wisely
Ensure your staff has the right skills to do all of the above
That's all, folks! 🖖
auth0.engineering/tagged/security
twitter.com/eugk