• VPC Flow Logs: Netflow-style logs from your virtual private clouds
• Azure Activity Logs: logs reflecting changes to the account and its instances
• Azure Network Watcher: Azure Netflow logs from NSGs (network security groups)
Network Monitoring
On premises            Cloud
Network Firewall       Virtual Firewall Appliance
Netflow                VPC Flow
Network Taps           Virtual Taps
IDS / IPS              Cloud provider solutions
Authentication Sources
On Premises            Cloud
SSO                    Azure AD
Active Directory       Amazon SSO
Log Storage and Alerting
On Premises
• Splunk
• ELK
• SIEM
Cloud
• AWS CloudWatch Logs Insights
• Azure Sentinel
• GCP Stackdriver
Cloud DFIR Maturity
Azure Log Storage
• Other Azure Logs, such as Azure AD: $0.001/GB per month
• Stackdriver Audit Logs
AWS Agents: allow you to point logs to CloudWatch for storage
Azure Agent: grabs metrics and processes
Living with Containers
Osquery
• Privileged API support required
• Built in Docker containers; otherwise visibility requires the host
• Supports Docker, Kubernetes and other frameworks based on Docker
Office 365
• Universal Audit Logs
• Does not record individual mail item access
• Does capture User Agent strings
• Best reviewed outside of the cloud
• Azure AD
• Integrated SSO means your auth does not occur in Office 365
• You need to tie in Azure AD logs and look at user agents
• OneDrive is really SharePoint
• PST Export
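The correlation the slide describes, as an added example that is not part of the original deck: Office 365 audit events are checked against the user agents seen in that user's Azure AD sign-ins, and activity whose user agent never appeared at sign-in is surfaced for review. The records and field names (UserId, UserAgent, userPrincipalName, status) are constructed, simplified stand-ins for the real audit and sign-in schemas.

```python
import json
from collections import defaultdict

# Constructed sample records, not real tenant data. Field names are a
# simplified assumption, not the exact Office 365 / Azure AD log schemas.
O365_AUDIT = [
    {"UserId": "alice@example.com", "Operation": "FileDownloaded",
     "Workload": "OneDrive", "UserAgent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120"},
    {"UserId": "alice@example.com", "Operation": "FileSyncDownloadedFull",
     "Workload": "OneDrive", "UserAgent": "python-requests/2.31"},
    {"UserId": "bob@example.com", "Operation": "FileAccessed",
     "Workload": "SharePoint", "UserAgent": "Mozilla/5.0 (Macintosh) Safari/605"},
]
AAD_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "status": "success",
     "userAgent": "Mozilla/5.0 (Windows NT 10.0) Chrome/120"},
    {"userPrincipalName": "bob@example.com", "status": "success",
     "userAgent": "Mozilla/5.0 (Macintosh) Safari/605"},
]


def signin_agents_by_user(signins):
    """Map each user (lower-cased UPN) to the user agents seen in successful sign-ins."""
    agents = defaultdict(set)
    for s in signins:
        if s.get("status") == "success":
            agents[s["userPrincipalName"].lower()].add(s["userAgent"])
    return agents


def unmatched_activity(audit, signins):
    """Return Office 365 audit events whose user agent never appears in that
    user's Azure AD sign-ins. With integrated SSO the authentication is not in
    the Office 365 log, so the sign-in log is the only place to confirm how a
    session with an unfamiliar client was established."""
    known = signin_agents_by_user(signins)
    findings = []
    for ev in audit:
        user = ev["UserId"].lower()
        if ev["UserAgent"] not in known.get(user, set()):
            findings.append({"user": user, "operation": ev["Operation"],
                             "workload": ev["Workload"], "user_agent": ev["UserAgent"]})
    return findings


if __name__ == "__main__":
    for finding in unmatched_activity(O365_AUDIT, AAD_SIGNINS):
        print(json.dumps(finding))
```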
Gsuite for Business
• Gsuite audit logs
• Drive
• Sharing Links
• Account access
• No logging of the takeout function
• Mailbox export is a multistep process involving:
  • OAuth tokens
  • API calls
  • URL polling
  • Mbox downloading
Questions?