The company wants to change SIEMs without re-architecture the solution. What should the Security Engineer do to accomplish this with minimal operational impact?

Last Updated on September 14, 2021 by Admin 2

A company is migrating its legacy workloads to AWS. The current security information events management (SIEM) system that analyzes logs is aging, and different SIEM systems are being evaluated to replace it. The company wants to change SIEMs without re-architecture the solution.

What should the Security Engineer do to accomplish this with minimal operational impact?

  • Prepare an AMI with the SIEM log forwarder agent for each workload, and configure it to send logs to a centralized SIEM located in the Security team AWS account. Configure an Amazon EC2 instance base AMI to forward logs to its local log forwarder agent. Deploy an AMI in each workload.
  • Configure an Amazon EC2 base AMI with an Amazon Kinesis Agent, and configure it to send to Amazon Kinesis Data Streams in the Security team AWS account. Add an AWS Lambda function at Kinesis Data Streams to push streamed logs to the SIEM.
  • Configure an Amazon EC2 base AMI to send logs to a local AWS CloudTrail log file. Configure CloudTrail to send logs to Amazon CloudWatch. Set up a central SIEM in the Security team AWS account and configure a puller to get information on CloudWatch.
  • Select a pay-per-use SIEM in the AWS Marketplace. Deploy the AMI in each workload to provide elasticity when required. Use Amazon Athena to send real-time alerts.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments