AWS recently announced Security Analytics Bootstrap, an open source framework for performing security investigations on AWS service logs using an Amazon Athena analysis environment. AWS Security Analytics Bootstrap starts from an AWS CloudFormation template that allows customers to investigate common AWS service logs stored in Amazon S3.

The tool currently supports logs from AWS CloudTrail, including all management and data events, VPC Flow Logs, and Route 53 DNS resolver query logs. The CloudFormation templates create an Athena analysis environment (Athena is AWS's serverless interactive query service) together with the AWS Glue databases and tables that describe the log formats.

Mohit Gadkari, solutions architect at AWS, and Ryan Smith, senior threat detection and incident response consultant at AWS, write: "AWS Security Analytics Bootstrap uses partition projection with Amazon Athena to provide dynamic partitioning across accounts, regions, and dates without any additional infrastructure, code, or frequent maintenance."

The tool requires no code maintenance and deploys everything as infrastructure as code, providing example SQL queries for the most common use cases. Each table schema supports common security investigation requirements, including partitioning and searches across multiple accounts, regions, and dates.

Figure: example of a cross-account deployment, where AWS Security Analytics Bootstrap is in a different account than the S3 logging buckets.
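The following is an added example, not taken from the AWS Security Analytics Bootstrap templates, showing what "partition projection across accounts, regions, and dates" looks like in Athena DDL. It assumes CloudTrail's standard delivery prefix layout (`AWSLogs/<account>/CloudTrail/<region>/yyyy/MM/dd/`), a placeholder bucket name and placeholder account ids, and an abbreviated column list; the `projection.*` and `storage.location.template` table properties are Athena's own. Because the partitions are computed from the template rather than registered in the Glue catalog, no crawler or `MSCK REPAIR TABLE` is needed when new accounts, regions or days appear, and a `WHERE` clause on the partition columns prunes the S3 prefixes Athena has to list. In a cross-account deployment the Athena principal must additionally be granted read access on the log bucket by that bucket's policy.

```sql
-- Added example (not part of the Bootstrap project): CloudTrail table with
-- partition projection. EXAMPLE-LOG-BUCKET and the account ids are placeholders.
CREATE EXTERNAL TABLE IF NOT EXISTS security_analytics.cloudtrail_projected (
  eventVersion STRING,
  userIdentity STRUCT<
    type: STRING,
    principalId: STRING,
    arn: STRING,
    accountId: STRING,
    userName: STRING>,
  eventTime STRING,
  eventSource STRING,
  eventName STRING,
  awsRegion STRING,
  sourceIPAddress STRING,
  userAgent STRING,
  errorCode STRING,
  errorMessage STRING,
  requestParameters STRING,
  responseElements STRING,
  eventID STRING,
  readOnly STRING,
  eventType STRING,
  recipientAccountId STRING
)
-- The three projected partition keys; their values are never stored in Glue.
PARTITIONED BY (account_id STRING, region STRING, date_partition STRING)
ROW FORMAT SERDE 'com.amazon.emr.hive.serde.CloudTrailSerde'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://EXAMPLE-LOG-BUCKET/AWSLogs/'
TBLPROPERTIES (
  'projection.enabled' = 'true',
  -- Accounts: an explicit list, so adding an account is a one-line change.
  'projection.account_id.type' = 'enum',
  'projection.account_id.values' = '111111111111,222222222222',
  -- Regions: also an explicit list.
  'projection.region.type' = 'enum',
  'projection.region.values' = 'us-east-1,us-west-2,eu-west-1',
  -- Dates: a range from the first log day up to NOW, stepped one day at a time,
  -- formatted the way CloudTrail lays out its S3 prefixes.
  'projection.date_partition.type' = 'date',
  'projection.date_partition.range' = '2021/01/01,NOW',
  'projection.date_partition.format' = 'yyyy/MM/dd',
  'projection.date_partition.interval' = '1',
  'projection.date_partition.interval.unit' = 'DAYS',
  -- Maps each (account_id, region, date_partition) triple to its S3 prefix.
  'storage.location.template' =
    's3://EXAMPLE-LOG-BUCKET/AWSLogs/${account_id}/CloudTrail/${region}/${date_partition}'
);

-- Investigation query over all projected accounts and regions: failed console
-- logins in the last seven days. The date_partition predicate is what keeps
-- Athena from listing every prefix under AWSLogs/.
SELECT eventTime,
       account_id,
       region,
       sourceIPAddress,
       userIdentity.arn AS principal_arn,
       errorMessage
FROM security_analytics.cloudtrail_projected
WHERE date_partition >= date_format(date_add('day', -7, current_date), '%Y/%m/%d')
  AND eventName = 'ConsoleLogin'
  AND errorMessage IS NOT NULL
ORDER BY eventTime DESC
LIMIT 100;
```

Two caveats a practitioner will hit: an `enum` projection only ever returns the accounts and regions you list, so a new account whose logs land in the bucket is silently invisible until the list is updated (an `injected` projection type avoids that but then requires the account id in every query); and projected partitions are computed blindly, so a typo in `storage.location.template` produces empty results rather than an error, which is worth checking with a known-good day before relying on the table in an incident.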