AWS CloudTrail is the AWS service that records API activity in an account. It logs the API calls made to AWS services and delivers the resulting log files to an Amazon S3 bucket for storage. Each record gives the identity of the caller, the time of the call, the caller's source IP address, the request parameters, and the response elements returned by the service. CloudTrail also captures some non-API events, namely AWS service events and AWS Management Console sign-in events.
CloudTrail can also be configured to publish a notification for every log file that is delivered, allowing users to take action upon log file delivery.
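The following Python example, added here and not part of the original page or of Cloud Security Plus, shows what the fields described above look like in a delivered CloudTrail log file and how a reviewer would use them: it flattens each record to caller, time, source IP, request parameters, response elements and error code, then runs two checks that rely on those fields, one for failed console sign-ins (a non-API event, reported in `responseElements`) and one for calls that would disable the trail itself. The log file content, account ID, ARNs and IP addresses are constructed for the example; the field names follow the CloudTrail record schema.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the gunzipped content of one CloudTrail log file as delivered to S3.
# All identities, IPs and ARNs are made up; the field names are the CloudTrail schema's.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventVersion": "1.08", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice",
                      "userName": "alice"},
     "eventTime": "2024-05-01T10:15:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"bucketName": "example-logs"}, "responseElements": None},
    {"eventVersion": "1.08", "eventType": "AwsConsoleSignIn",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "eventTime": "2024-05-01T10:16:30Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "requestParameters": None, "responseElements": {"ConsoleLogin": "Failure"},
     "errorMessage": "Failed authentication"},
    {"eventVersion": "1.08", "eventType": "AwsApiCall",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice",
                      "userName": "alice"},
     "eventTime": "2024-05-01T10:17:05Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/main"},
     "responseElements": None, "errorCode": "AccessDenied"},
]})


def parse_cloudtrail(text):
    """Flatten the Records array of one log file into the fields a reviewer needs."""
    out = []
    for rec in json.loads(text)["Records"]:
        ident = rec.get("userIdentity", {})
        out.append({
            "time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
                            .replace(tzinfo=timezone.utc),
            "event_type": rec.get("eventType"),
            "caller": ident.get("arn") or ident.get("type"),
            "caller_type": ident.get("type"),
            "source_ip": rec.get("sourceIPAddress"),
            "service": rec.get("eventSource"),
            "event": rec.get("eventName"),
            "params": rec.get("requestParameters") or {},
            "response": rec.get("responseElements") or {},
            "error_code": rec.get("errorCode"),
            "error_message": rec.get("errorMessage"),
        })
    return out


def callers(records):
    """Number of records per caller identity (ARN)."""
    return Counter(r["caller"] for r in records)


def non_api_events(records):
    """Everything CloudTrail records that is not an API call (service and sign-in events)."""
    return [r for r in records if r["event_type"] != "AwsApiCall"]


def failed_console_logins(records):
    """Console sign-in failures are reported in responseElements, not in errorCode."""
    return [r for r in records
            if r["service"] == "signin.amazonaws.com" and r["event"] == "ConsoleLogin"
            and r["response"].get("ConsoleLogin") == "Failure"]


# Example detection rule (assumed for this example): API names that change or stop a trail.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def trail_tampering(records):
    """Calls that would blind the trail; denied attempts are kept, errorCode says which."""
    return [r for r in records
            if r["service"] == "cloudtrail.amazonaws.com" and r["event"] in TRAIL_TAMPERING]


if __name__ == "__main__":
    recs = parse_cloudtrail(SAMPLE_LOG)
    print("calls per caller:", dict(callers(recs)))
    for r in failed_console_logins(recs):
        print("failed console login:", r["caller"], "from", r["source_ip"], "at", r["time"])
    for r in trail_tampering(recs):
        print("trail tampering:", r["event"], "by", r["caller"], "result:", r["error_code"] or "Success")
```

Note that the denied `StopLogging` call is still worth alerting on: CloudTrail records the attempt with `errorCode` set to `AccessDenied`, which is exactly the kind of signal that is lost if a trail is stopped or its delivery bucket is tampered with.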
Requests made to an S3 bucket can be tracked with server access logging, which is disabled by default and must be enabled per bucket. Each access log record describes a single request: the requester, bucket name, request time, request action, response status and, where applicable, the error code. This information is useful for establishing the nature of the traffic reaching a bucket.
Follow the steps below to add Amazon S3 server access logs as a data source in Cloud Security Plus.
Elastic Load Balancing access logs capture information about the requests made to a load balancer and can be used to analyze traffic patterns and troubleshoot issues. Access logging is optional and disabled by default. Each entry records the time the request was received, the client's IP address, the request and backend processing latencies, the request path, and the response status codes.
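The following Python example, added here and not part of the original page or of Cloud Security Plus, parses both of the access log formats described above (S3 server access logs and classic Elastic Load Balancing access logs). Both are space-delimited with bracketed timestamps and quoted request and user-agent fields, so one tokenizer serves both; the field order lists follow the published formats. The log lines, bucket, IP addresses and ARN are constructed for the example, and the closing function is an illustrative cross-source check, counting 4xx/5xx responses per client IP across S3 and ELB, of the kind the collected logs make possible.

```python
import re
from collections import Counter
from datetime import datetime

# Fields are separated by spaces, except that [...] and "..." fields may contain spaces.
# "-" marks an absent value in both formats.
_TOKEN = re.compile(r'\[[^\]]*\]|"(?:[^"\\]|\\.)*"|\S+')


def tokenize(line):
    """Split one access-log line into fields, stripping the [] and "" delimiters."""
    return [t[1:-1] if t[0] in '["' else t
            for t in (m.group(0) for m in _TOKEN.finditer(line))]


# Field order of an S3 server access log record (trailing fields may be absent in older logs).
S3_FIELDS = ["bucket_owner", "bucket", "time", "remote_ip", "requester", "request_id",
             "operation", "key", "request_uri", "http_status", "error_code", "bytes_sent",
             "object_size", "total_time", "turn_around_time", "referer", "user_agent",
             "version_id", "host_id", "signature_version", "cipher_suite", "auth_type",
             "host_header", "tls_version", "access_point_arn", "acl_required"]

# Field order of a classic ELB access log record.
ELB_FIELDS = ["timestamp", "elb", "client", "backend", "request_processing_time",
              "backend_processing_time", "response_processing_time", "elb_status_code",
              "backend_status_code", "received_bytes", "sent_bytes", "request",
              "user_agent", "ssl_cipher", "ssl_protocol"]

# Constructed sample lines (owner ID, bucket, IPs, ARN and host IDs are made up).
S3_LINES = [
    'bucketowner0123 example-logs [01/May/2024:10:15:00 +0000] 198.51.100.7 '
    'arn:aws:iam::123456789012:user/alice REQ1EXAMPLE REST.GET.OBJECT reports/q1.csv '
    '"GET /reports/q1.csv HTTP/1.1" 200 - 2048 2048 12 9 "-" "aws-cli/2.15.0" - hostid1= '
    'SigV4 ECDHE-RSA-AES128-GCM-SHA256 AuthHeader example-logs.s3.us-east-1.amazonaws.com '
    'TLSv1.2 - -',
    'bucketowner0123 example-logs [01/May/2024:10:16:31 +0000] 203.0.113.9 - REQ2EXAMPLE '
    'REST.GET.OBJECT reports/q1.csv "GET /reports/q1.csv HTTP/1.1" 403 AccessDenied 243 - 5 - '
    '"-" "curl/8.4.0" - hostid2= - - - example-logs.s3.us-east-1.amazonaws.com TLSv1.2 - -',
    'bucketowner0123 example-logs [01/May/2024:10:16:33 +0000] 203.0.113.9 - REQ3EXAMPLE '
    'REST.GET.OBJECT secrets/keys.txt "GET /secrets/keys.txt HTTP/1.1" 403 AccessDenied 243 - '
    '4 - "-" "curl/8.4.0" - hostid3= - - - example-logs.s3.us-east-1.amazonaws.com TLSv1.2 - -',
]
ELB_LINES = [
    '2024-05-01T10:15:00.123456Z web-lb 198.51.100.7:51234 10.0.1.10:80 0.000073 0.012048 '
    '0.000057 200 200 0 1532 "GET http://www.example.com:80/ HTTP/1.1" "Mozilla/5.0" - -',
    '2024-05-01T10:15:02.000001Z web-lb 203.0.113.9:40001 10.0.1.11:80 0.000061 2.504100 '
    '0.000050 504 - 0 0 "GET http://www.example.com:80/admin HTTP/1.1" "curl/8.4.0" - -',
    '2024-05-01T10:15:03.000002Z web-lb 203.0.113.9:40002 10.0.1.11:443 0.000064 0.000010 '
    '0.000044 502 502 0 0 "GET https://www.example.com:443/admin HTTP/1.1" "curl/8.4.0" '
    'ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2',
]


def _opt(value, conv):
    """Convert a field, treating "-" as absent."""
    return None if value == "-" else conv(value)


def parse_s3_access_log(line):
    rec = dict(zip(S3_FIELDS, tokenize(line)))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["http_status"] = int(rec["http_status"])
    rec["bytes_sent"] = _opt(rec["bytes_sent"], int)
    return rec


def parse_elb_access_log(line):
    rec = dict(zip(ELB_FIELDS, tokenize(line)))
    rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
    rec["client_ip"] = rec["client"].rsplit(":", 1)[0]   # strip the source port
    rec["elb_status_code"] = int(rec["elb_status_code"])
    rec["backend_status_code"] = _opt(rec["backend_status_code"], int)
    rec["backend_processing_time"] = float(rec["backend_processing_time"])
    return rec


def s3_access_denied(s3_records):
    """(remote_ip, key) of every request S3 rejected with AccessDenied."""
    return [(r["remote_ip"], r["key"]) for r in s3_records if r["error_code"] == "AccessDenied"]


def failed_requests_by_client(s3_records, elb_records):
    """Illustrative cross-source check: 4xx/5xx responses per client IP from both logs."""
    counts = Counter()
    for r in s3_records:
        if r["http_status"] >= 400:
            counts[r["remote_ip"]] += 1
    for r in elb_records:
        if r["elb_status_code"] >= 400:
            counts[r["client_ip"]] += 1
    return counts


if __name__ == "__main__":
    s3 = [parse_s3_access_log(l) for l in S3_LINES]
    elb = [parse_elb_access_log(l) for l in ELB_LINES]
    print("S3 AccessDenied:", s3_access_denied(s3))
    print("failed requests per client:", dict(failed_requests_by_client(s3, elb)))
```

The tokenizer is the part that matters: naive `split()` breaks on the space inside the bracketed timestamp and inside the quoted request line, which shifts every later field by one and silently mislabels the status code.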
Follow the steps below to add Amazon ELB access logs as a data source in Cloud Security Plus.
Microsoft 365 logs record the actions users perform across the Microsoft 365 platform. Log360 Cloud helps you track all activity on the platform and reports on the most active users, the files accessed most often, critical activities performed in each service, and more. You can also use it to spot malicious usage patterns across your network and prevent large-scale incidents. This document explains how to configure Microsoft 365 as a log source.
To register the app in Azure AD, you need a Microsoft 365 subscription and an Azure subscription that has been associated with it. Trial subscriptions to both Microsoft 365 and Azure are sufficient to get started.
When you add a Microsoft 365 tenant in Log360 Cloud, four data sources are added automatically: Azure Active Directory, Exchange Online, SharePoint Online, and Microsoft 365 General (which covers Teams, Skype, Sway, and other services). No data sources other than these four can be added.
Follow the steps below to manually add a Microsoft 365 tenant for log collection in Log360 Cloud.
To enable a cloud source in Log360 Cloud,
To disable a cloud source in Log360 Cloud,
To delete a cloud source in Log360 Cloud,
You cannot delete an individual data source of a Microsoft 365 tenant; you can only delete the entire tenant from Log360 Cloud. To stop monitoring a specific log source without deleting the tenant,
Go to Admin → Account Settings → Configure Cloud Accounts.