ministryofjustice / analytical-platform

Analytical Platform • This repository is defined and managed in Terraform
https://docs.analytical-platform.service.justice.gov.uk
MIT License

🪵 Send logs to XSIAM SoC #4697

Open bagg3rs opened 2 months ago

bagg3rs commented 2 months ago

User Story

As a SoC, I want security logs from all things, so that we have a central source of security logs in order to process them for threat correlations.

Value / Purpose

The Security Operations Center needs our logs, and they will process them with Palo Alto Cortex to check for bad things.

Useful Contacts

Rich, Julia

Proposal

Do what MP/CP did; see thread.

Additional Information

See thread here

https://docs-cortex.paloaltonetworks.com/r/Cortex-XSIAM/Cortex-XSIAM-Administrator-Guide/Ingest-Network-Route-53-Logs-from-Amazon-S3

Definition of Done

darren1988 commented 3 weeks ago

To be refined and planned into next sprint

YvanMOJdigital commented 2 weeks ago

Waiting for team to send current error logs before planning this.

darren1988 commented 1 day ago

Logs for review:

https://docs.google.com/spreadsheets/d/1QO56aMBeX4rIKKT2loo-6DB0BBIPog5v/edit?gid=2007438121#gid=2007438121