Reload historic CloudTrail data from S3 bucket


Charles Rawls

Aug 29, 2023, 3:43:26 PM
to Wazuh | Mailing List
Greetings:

A quick and simple question, I hope.

I have a new install of Wazuh 4.5 on Ubuntu 22.04. I have 90 days of CloudTrail logs I would like to ingest.

Previously I could use the ./aws-s3 -b 'BUCKETNAME' --reparse --only_logs_after 'DATE' --debug 2 -p XXXXX

command, but this seems not to load data.

Any clues would be appreciated.

Charles Rawls

Aug 29, 2023, 3:46:43 PM
to Wazuh | Mailing List
Actually, I should ask: what is the proper procedure to load historic CloudTrail logs?

Gonzalo Acuña

Aug 30, 2023, 7:28:07 AM
to Wazuh | Mailing List
Hi, Charles.
I have tested the command and it works. It returns the log list.
Here is a blog that explains how to configure Wazuh to get CloudTrail logs. Let me know if that's what you are looking for:
https://wazuh.com/blog/integrating-aws-cloudtrail-in-wazuh/

Regards.
Gonzalo.
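As an added example (not code from this thread or from the Wazuh project), the same ingestion expressed as a permanent aws-s3 wodle block in ossec.conf rather than as a one-off CLI run; the bucket name, profile name and date are placeholders to replace with your own values:

```xml
<!-- Added example, not from the thread or the Wazuh project: an aws-s3 wodle
     block for /var/ossec/etc/ossec.conf that pulls CloudTrail logs from S3.
     BUCKETNAME, the profile name and the date are placeholders. -->
<wodle name="aws-s3">
  <disabled>no</disabled>
  <interval>10m</interval>
  <run_on_start>yes</run_on_start>
  <skip_on_error>yes</skip_on_error>

  <bucket type="cloudtrail">
    <!-- Placeholder bucket name (the thread's 'BUCKETNAME'). -->
    <name>BUCKETNAME</name>
    <!-- Placeholder: the profile from ~/.aws/credentials, the CLI's -p value. -->
    <aws_profile>default</aws_profile>
    <!-- Placeholder date (YYYY-MMM-DD): earliest day of logs to fetch.
         On a fresh install nothing has been marked as processed yet, so
         this alone pulls the 90-day backlog; --reparse is only needed to
         re-ingest logs the module has already recorded as processed. -->
    <only_logs_after>2023-JUN-01</only_logs_after>
  </bucket>
</wodle>
```

Restart wazuh-manager after editing ossec.conf so the wodle picks up the new bucket block.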
