Overview
AWS logs provide unique and crucial visibility into the activities and resources in an organization's AWS environment. Because cloud environments differ substantially from traditional on-prem environments, many classic security products and auditing and logging mechanisms are either unavailable in the cloud or do not work as they did on-prem. This makes the multiple logging mechanisms offered by AWS all the more important for defending an organization's AWS environment.
Supported logs summary
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
AWS CloudTrail logs | ✅ | ✅ | ✅ | ✅ | aws_cloudtrail | NDJSON | S3 |
AWS GuardDuty logs | ✅ | ✅ | aws_guard_duty | NDJSON | S3 | ||
AWS CloudWatch logs | cloudwatch_logs | NDJSON | S3 | ||||
AWS Config logs | ✅ | aws_config | NDJSON | S3 | |||
AWS WAF logs | ✅ | ✅ | ✅ | aws_waf | NDJSON | S3 | |
AWS VPC Flow Logs | ✅ | ✅ | aws_vpc_flow_logs | CSV | S3 | ||
AWS ELB logs | ✅ | ✅ | aws_elb_classic | CSV | S3 | ||
AWS Inspector findings | ✅ | aws_inspector_findings | NDJSON | S3 | |||
AWS EKS Control Plane Logging | ✅ | ✅ | aws_eks_control_manager_logs | NDJSON | S3 | ||
AWS RDS Aurora MySQL Audit Logs | aws_rds_aurora_mysql_audit_logs | CSV | S3 | ||||
AWS Route 53 Logs | ✅ | ✅ | route53_resolver_query_logs | NDJSON | S3 | ||
AWS S3 Server Access Logs | ✅ | ✅ | aws_s3_server_access_logs | CSV | S3 | ||
AWS Client VPN Connection Logs | ✅ | ✅ | aws_client_vpn_logs | NDJSON | S3 | ||
AWS Transit Gateway Flow Logs | ✅ | ✅ | aws_transit_gateway_flow_logs | NDJSON | S3 |
💡Tip
Hunters supports AWS Control Tower.