增强安全可见性：构建可扩展的日志分析.pdf

1、 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.C O P 3 0 7Enhancing security visibility:building scalable log analyticsSantosh GowdaSr.Manager,AWS CloudTrailAWSIsaiah SalinasSr WW CloudOps Specialist SAAWS 2025,A

2、mazon Web Services,Inc.or its affiliates.All rights reserved.2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.A thousand logs,a million places-finding needles in digital spaces 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AgendaWhat are some of the challenges?

3、How can AWS help?DemoQ&AKey takeaways 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.What are some of the challenges?Logs exist in multiple locations Time it take to identify and respond to incidents Operational Overhead 2025,Amazon Web Services,Inc.or its affiliates.All rights r

4、eserved.SolutionAWS CloudTrailAmazon CloudWatch+Amazon OpenSearch+2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.AWS CloudTrail overviewImprove governance and audits by tracking user and API activity across your infrastructure and resourcesIdentify and respond to unusual activity

5、 with automated analysisCaptureRecord activity as CloudTrail eventsStoreRetain event logsActTrigger actions when important events are detectedReviewAnalyze findings for recent and historical activity 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.CloudTrail:Insights Detect unusua

6、l API activity Analyze usage patterns in real-time Get alerts on anomalous operations Available for both management and data events 2025,Amazon Web Services,Inc.or its affiliates.All rights reserved.CloudTrail:Event AggregationConsolidate high-volume data events into 5-minute summariesThree ready-to