Cloud logs collection #7474

usmanaa10 · 2022-03-09T07:28:35Z

usmanaa10
Mar 9, 2022

Hi Friends,
I have infrastructure on the cloud and I think it cost me more if I deploy a security onion solution over there. What did you guys suggest?
If I want to collect logs from AWS cloud to on-prem security onion setup what should I do and addition I will need to do, Kindly guide me with proper configuration?

Thanks

Answered by weslambert

Mar 11, 2022

If you are referring to collecting logs only, you could consider using the AWS Filbeat module:
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-aws.html
https://docs.securityonion.net/en/latest/filebeat.html#modules

If you are referring to actually monitoring traffic in AWS and feeding that back to your on-prem stack, you could consider running a sensor in AWS, and your manager and search node(s) locally:
https://docs.securityonion.net/en/latest/cloud-ami.html

View full answer

weslambert · 2022-03-11T16:08:37Z

weslambert
Mar 11, 2022

If you are referring to collecting logs only, you could consider using the AWS Filbeat module:
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-aws.html
https://docs.securityonion.net/en/latest/filebeat.html#modules

If you are referring to actually monitoring traffic in AWS and feeding that back to your on-prem stack, you could consider running a sensor in AWS, and your manager and search node(s) locally:
https://docs.securityonion.net/en/latest/cloud-ami.html

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Cloud logs collection #7474

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Cloud logs collection #7474

Uh oh!

usmanaa10 Mar 9, 2022

Replies: 1 comment

Uh oh!

weslambert Mar 11, 2022

usmanaa10
Mar 9, 2022

weslambert
Mar 11, 2022