[Help] Ingesting AWS CloudWatch Log Group for monitoring AWS Managed Active Directory Security Logs
Hi all, I'm trying to ingest log data from our AWS Managed Active Directory. I've already enabled the Log Forwarding for AWS MAD following the instructions here: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_enable_log_forwarding.html
However, I'm not clear on which is the required/preferred method for ingesting these logs with Sumo Logic. I'm reading this support article here but would like some additional guidance. https://help.sumologic.com/03Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs
The ultimate goal is to monitor events such as changes to security group memberships (addition, removal from a group), changes to group policy, etc.
Has anyone configured this? Is there a reason I wouldn't use the wizard to configure the AWS CloudWatch log source?
Thanks!