Decoding AWS CloudTrail with OSSEC

Presentation transcript:

Decoding AWS CloudTrail with OSSEC Presented By: Barry O Meara – Pre Sales Engineer EMEA

AGENDA:
- Why?
- Enabling AWS CloudTrail
- OSSEC AWS CloudTrail decoder
- How AlienVault USM decodes these events
- How to use your audit reports

Why? Scenario: make an audit trail follow the user.
- Establish a process for linking all access to system components (especially access done with administrative privileges such as root) to each individual user.
- Implement automated audit trails for all system components to reconstruct the following events:
  - All actions taken by any individual with root or administrative privileges
  - Invalid logical access attempts
  - Use of identification and authentication mechanisms
  - Creation and deletion of system-level objects

Stuff To Record:
- User identification
- Type of event
- Date and time (time must be synchronized across all systems)
- Success or failure indication
- Origination of event
- Identity or name of affected data, system component, or resource

Stuff to Decode – AWS Event Translation (CloudTrail JSON field to audit field):
- EVENT VERSION: "eventVersion":"1.02" (very important: the decoder keys off the schema version)
- EVENT ID: "eventID":"7d4ad9fe-ce06-472a-b995-1685f1370a67"
- EVENT TIME: "eventTime":"2014-09-03T08:59:37Z"
- USER ID: 147023721278, taken from the parent "userIdentity" object
- EVENT NAME: "eventName":"GetTrailStatus"
- USER AGENT: "userAgent":"console.amazonaws.com"
- SOURCE IP: "sourceIPAddress":"62.77.185.113"
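The field mapping the slide walks through, as an added example that is not part of the presentation or of the OSSEC/AlienVault decoder: it takes a CloudTrail delivery file in its {"Records": [...]} shape and maps each record onto the audit fields from the "Stuff To Record" slide. The log payload is constructed for the example (the first record reuses the slide's values, the second is invented to exercise the failure and root-user paths); success or failure is derived from the presence of CloudTrail's errorCode field.

```python
import json
from datetime import datetime, timezone

# Constructed CloudTrail payload in the {"Records": [...]} delivery shape.
# Record 1 uses the values shown on the slide; record 2 is made up so the
# decoder's failure (errorCode) and root-identity handling can be exercised.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.02",
     "eventID": "7d4ad9fe-ce06-472a-b995-1685f1370a67",
     "eventTime": "2014-09-03T08:59:37Z",
     "userIdentity": {"type": "IAMUser", "accountId": "147023721278",
                      "userName": "audit-reader"},
     "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "GetTrailStatus",
     "userAgent": "console.amazonaws.com",
     "sourceIPAddress": "62.77.185.113"},
    {"eventVersion": "1.02",
     "eventID": "00000000-0000-4000-8000-000000000001",
     "eventTime": "2014-09-03T09:01:12Z",
     "userIdentity": {"type": "Root", "accountId": "147023721278"},
     "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser",
     "errorCode": "AccessDenied",
     "userAgent": "aws-cli/1.4.2",
     "sourceIPAddress": "62.77.185.113"},
]})


def decode_record(rec):
    """Map one CloudTrail record onto the audit fields the slides ask for."""
    if rec.get("eventVersion") is None:   # the decoder keys off the schema version
        raise ValueError("record without eventVersion")
    who = rec.get("userIdentity", {})
    return {
        "event_version": rec["eventVersion"],
        "event_id": rec["eventID"],
        # eventTime is always UTC ("Z"), which is what keeps hosts comparable
        "timestamp": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
                             .replace(tzinfo=timezone.utc),
        "user": who.get("userName") or who.get("type"),  # root has no userName
        "account": who.get("accountId"),
        "is_privileged": who.get("type") == "Root",      # root actions: always audited
        "event": f'{rec.get("eventSource")}:{rec["eventName"]}',
        "outcome": "failure" if "errorCode" in rec else "success",
        "source_ip": rec.get("sourceIPAddress"),
        "user_agent": rec.get("userAgent"),
    }


def decode_log(raw):
    """Accept either a delivery file ({"Records": [...]}) or a single record."""
    doc = json.loads(raw)
    records = doc["Records"] if isinstance(doc, dict) and "Records" in doc else [doc]
    return [decode_record(r) for r in records]
```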

DEEP DIVE

Questions? Email: bomeara@alienvault.com Skype: bomeara-alienvault