AWS Logging #37
Replies: 1 comment
Searching for sensitive information in CloudWatch logs can be a valuable action for security and compliance purposes. Your example query is a good starting point for finding logs that contain potential security vulnerabilities. Automating such queries into CloudFox can save time and effort for security engineers and allow for a more proactive approach to security. However, as you mentioned, there are costs associated with running these queries, and it's important to monitor the cost of running these queries to ensure they don't become prohibitively expensive. One way to mitigate the cost of running these queries is to use sampling techniques to limit the amount of data processed. For example, you can use the "sample" operator in CloudWatch Insights to limit the number of logs returned by a query. Another way to reduce costs is to schedule queries to run during off-peak hours or to run them less frequently. It's also important to consider the security implications of automating log queries. Access to sensitive logs should be restricted to authorized personnel, and automated queries should be carefully monitored to ensure they don't generate false positives or generate excessive noise. Finally, consider encrypting sensitive log data at rest and in transit to prevent unauthorized access. Meanwhile I would like to recommend a book on AWS
I'm wondering if there are any generic queries that could be useful on CloudWatch log groups. Occasionally tokens, secrets, and other interesting data end up getting logged in error messages during Lambda functions, ECS tasks, etc.
An example CloudWatch insights query might be:
I don't know if pentesters or security engineers are looking at logs in AWS accounts, but it could be interesting to query for sensitive info.
Secondly, if this is a valuable action, is it worth automating some queries into CloudFox? I don't know if there has been discussion about tests that incur costs, but CloudWatch insight queries, CloudTrail Queries, and Athena all have a cost associated with them for the amount of data they process.
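One way to turn the idea in this post into a repeatable, cost-bounded check, added here as an example (it is not CloudFox code and not the query from the original post): it builds a Logs Insights query that filters on common secret shapes and caps the returned events with `limit`, then triages the hits locally with redaction so the finding itself does not re-log the secret. The live path assumes boto3 is installed with credentials allowed to call `logs:StartQuery` and `logs:GetQueryResults`; the patterns and sample log lines are constructed for this example.

```python
import re
import time

# Constructed for this added example (not CloudFox code): secret shapes that
# commonly appear in error messages. No lookarounds or inline flags, so the
# same regexes are valid inside a Logs Insights `filter ... like /.../`.
SECRET_PATTERNS = {
    "aws_access_key_id": r"(AKIA|ASIA)[A-Z0-9]{16}",
    "bearer_token": r"[Bb]earer\s+[A-Za-z0-9._~+\/-]{20,}",
    "private_key_block": r"-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----",
    "password_assignment": r"([Pp]assword|[Pp]asswd|[Pp]wd)\s*[=:]\s*\S{6,}",
}

def build_insights_query(limit=100):
    """Logs Insights query. `limit` bounds returned events; the bytes scanned
    (what is billed) are bounded by the startTime/endTime window instead."""
    alternation = "|".join(f"({p})" for p in SECRET_PATTERNS.values())
    return ("fields @timestamp, @logStream, @message\n"
            f"| filter @message like /{alternation}/\n"
            f"| sort @timestamp desc\n| limit {limit}")

def redact(value, keep=4):
    # Keep a short prefix so the finding is identifiable but not reusable.
    return value[:keep] + "*" * (len(value) - keep)

def scan_events(messages):
    """Return (index, pattern_name, redacted_match) for every hit."""
    hits = []
    for i, msg in enumerate(messages):
        for name, pattern in SECRET_PATTERNS.items():
            if m := re.search(pattern, msg):
                hits.append((i, name, redact(m.group(0))))
    return hits

SAMPLE_EVENTS = [  # constructed; the key id is AWS's documentation placeholder
    "ERROR auth failed for key AKIAIOSFODNN7EXAMPLE: SignatureDoesNotMatch",
    "INFO request complete in 42ms",
    "WARN retry with Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.example.sig",
    "DEBUG config loaded: db password=hunter2hunter2 host=db.internal",
]

def run_query(log_group, hours=1, limit=100):
    """Run the query through boto3 (assumed installed and configured) and triage
    the @message fields locally. This is the only function that touches AWS."""
    import boto3
    logs, end = boto3.client("logs"), int(time.time())
    qid = logs.start_query(logGroupName=log_group, startTime=end - hours * 3600,
                           endTime=end, queryString=build_insights_query(limit))["queryId"]
    while (resp := logs.get_query_results(queryId=qid))["status"] in ("Scheduled", "Running"):
        time.sleep(1)
    return scan_events(f["value"] for row in resp["results"]
                       for f in row if f["field"] == "@message")
```

Running `scan_events(SAMPLE_EVENTS)` offline shows the triage output shape; `run_query("/aws/lambda/your-function", hours=24)` applies the same check to a real log group, with the 24-hour window as the cost control.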