Connect this data source on your own, using the Hunters platform.
Overview
Table name: cloudwatch_logs
CloudWatch by Amazon is used to monitor, store, and access log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources. CloudWatch enables you to centralize the logs from all of the systems, applications, and AWS services that you use in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis. CloudWatch Logs enables you to see all of your logs, regardless of their source, as a single and consistent flow of events ordered by time.
Integrating CloudWatch logs with Hunters allows you to ingest the data and to leverage it for custom use cases, such as custom detection.
Send data to Hunters
To connect AWS CloudWatch logs:
Follow this guide under the CloudWatch to S3 section to ship the logs to a destination bucket.
Once the export is completed and the logs are collected in S3, follow the steps in this section.
Expected format
Logs are expected in JSON format.
{"timestamp":1696851819528,"message":{"level":30,"time":1696851819528,"pid":25,"hostname":"1234"},"logStream":"graphql-gateway/graphql-gateway/123321123321123321","logGroup":"/aws/ecs/consumer-graphql-gateway"}
{"timestamp":1696851844444,"message":"Koko Shoko","logStream":"graphql-gateway/graphql-gateway/123321123321123321","logGroup":"/aws/ecs/consumer-graphql-gateway"}