{"id":9329,"date":"2021-10-08T22:22:29","date_gmt":"2021-10-08T20:22:29","guid":{"rendered":"http:\/\/www.orbit.cz\/?post_type=encyklopedie&#038;p=9329"},"modified":"2024-10-31T15:55:40","modified_gmt":"2024-10-31T14:55:40","slug":"audit-logs-in-the-cloud-who-was-it","status":"publish","type":"encyklopedie-cloudu","link":"https:\/\/www.orbit.cz\/en\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/","title":{"rendered":"Audit logs in the cloud: who was it?!"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1080\" height=\"501\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx.jpg\" alt=\"Audit logs in the cloud | ORBIT\" class=\"wp-image-9298\" style=\"width:716px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx.jpg 1080w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx-300x139.jpg 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx-1024x475.jpg 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx-768x356.jpg 768w\" sizes=\"auto, (max-width: 1080px) 100vw, 1080px\" \/><\/figure>\n<\/div>\n\n<style>.wp-block-kadence-column.kb-section-dir-horizontal > .kt-inside-inner-col > .kt-info-box9329_6397f1-3b .kt-blocks-info-box-link-wrap{max-width:unset;}.kt-info-box9329_6397f1-3b .kt-blocks-info-box-link-wrap{background:#ffffff;padding-top:var(--global-kb-spacing-xs, 1rem);padding-right:var(--global-kb-spacing-xs, 1rem);padding-bottom:var(--global-kb-spacing-xs, 1rem);padding-left:0px;}.kt-info-box9329_6397f1-3b.wp-block-kadence-infobox{max-width:100%;}.kt-info-box9329_6397f1-3b .kadence-info-box-image-inner-intrisic-container .kadence-info-box-image-intrisic{padding-bottom:100%;max-width:100%;}.kt-info-box9329_6397f1-3b .kadence-info-box-icon-container .kt-info-svg-icon, .kt-info-box9329_6397f1-3b 
.kt-info-svg-icon-flip, .kt-info-box9329_6397f1-3b .kt-blocks-info-box-number{font-size:50px;}.kt-info-box9329_6397f1-3b .kt-blocks-info-box-media{border-radius:200px;overflow:hidden;border-top-width:0px;border-right-width:0px;border-bottom-width:0px;border-left-width:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;}.kt-info-box9329_6397f1-3b .kt-infobox-textcontent p.kt-blocks-info-box-title{font-size:var(--global-kb-font-size-md, 1.25rem);padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;margin-top:0px;margin-right:0px;margin-bottom:10px;margin-left:0px;}.kt-info-box9329_6397f1-3b .kt-blocks-info-box-learnmore{background:transparent;border-width:0px 0px 0px 0px;padding-top:4px;padding-right:8px;padding-bottom:4px;padding-left:8px;margin-top:10px;margin-right:0px;margin-bottom:10px;margin-left:0px;}<\/style>\n<div class=\"wp-block-kadence-infobox kt-info-box9329_6397f1-3b orbit-testimonial-second\"><span class=\"kt-blocks-info-box-link-wrap info-box-link kt-blocks-info-box-media-align-left kt-info-halign-left\"><div class=\"kt-blocks-info-box-media-container\"><div class=\"kt-blocks-info-box-media kt-info-media-animate-none\"><\/div><\/div><div class=\"kt-infobox-textcontent\"><p class=\"kt-blocks-info-box-title\">Why keep and process audit logs honestly and what tools to use for their analysis?<\/p><p class=\"kt-blocks-info-box-text\"><strong>Martin Gavanda<\/strong><\/p><\/div><\/span><\/div>\n\n\n\n<p><strong>IT guy 1: \"Please, do you know why it's not working now? It was running yesterday!\"<\/strong><\/p>\n\n\n\n<p><strong>IT guy 2: \"I traced from the log that someone logged in with an admin account, but I don't know what changed.\"<\/strong><\/p>\n\n\n\n<p><strong>IT guy 1: \"Who changed anything in there?\"<\/strong><\/p>\n\n\n\n<p><strong>Chorus: \"Not me.\"<\/strong><\/p>\n\n\n\n<p><strong>Similar situations have probably happened to all of us. 
Personally, I hope that it is rarely the case anymore and that we all have the right set of&nbsp;<em>change management processes<\/em>. It is also important to keep and process environment audit logs honestly, perhaps because your internal guidelines require it, or you are even obliged to process audit logs for&nbsp;<\/strong><a href=\"https:\/\/compliance.orbit.cz\/\" target=\"_blank\" rel=\"nofollow noopener\"><strong>external regulations<\/strong><\/a><strong>&nbsp;(e.g. CNB regulation, critical infrastructure of the state or different ISO standards). So why should we store audit logs and what tools should we use? That's what we will discuss in today's article.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Basic division of audit logs<\/strong><\/h2>\n\n\n\n<p>In principle, audit logs can be divided into two basic groups. Each is equally important and we should not forget one or the other.<\/p>\n\n\n\n<p>Let's not forget that audit logs should&nbsp;<strong>always be stored and processed<\/strong>, regardless of the technology used or where the application is run from. Furthermore, we must not forget the topic of&nbsp;<strong>data retention<\/strong>. Since we typically keep audit logs for regulatory reasons, it is necessary to keep this data for a long period of time (sometimes several years).<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Environment audit logs: typically contain information about who has manipulated, accessed or modified the environment and how. Thus, these are typically logs that reflect administrative actions (who changed which component or resource, which data in the database or which files were accessed, and how).<\/li>\n\n\n\n<li>Application audit logs: these logs map and describe user activity within the application. 
For example, this can be information about what application functionality the user accessed, what user inputs were used to generate a menu, or what document was downloaded.<\/li>\n<\/ul>\n\n\n\n<p>As part of our&nbsp;<a href=\"https:\/\/www.orbit.cz\/en\/cloud-services\/sprava-a-rozvoj-cloudu\/\" target=\"_blank\" rel=\"nofollow noopener\">Cloud services<\/a>&nbsp;we will be happy to help you define and set up the necessary rules.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Audit logs and the cloud<\/strong><\/h2>\n\n\n\n<p>A major benefit of the cloud environment is that audit logging tools are a direct part of all major cloud platforms. In the cloud (as opposed to a typical on-premise environment),&nbsp;<strong>all actions are performed via the API<\/strong>&nbsp;- either by calling these APIs directly or indirectly via UI interfaces or various&nbsp;<em>software development kits<\/em>. So if we perform all operations \"over one place\" (the API), it is very easy to log and process all these actions.<\/p>\n\n\n<div class=\"wp-block-image wp-image-9476\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2154\" height=\"1140\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1.png\" alt=\"\" class=\"wp-image-9476\" style=\"width:579px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1.png 2154w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1-300x159.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1-1024x542.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1-768x406.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1-1536x813.png 1536w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_1-2048x1084.png 2048w\" sizes=\"auto, (max-width: 2154px) 100vw, 2154px\" \/><figcaption class=\"wp-element-caption\">Source : 
https:\/\/docs.microsoft.com\/en-us\/azure\/azure-resource-manager\/management\/overview<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>Environment audit logs<\/strong><\/h2>\n\n\n\n<p>So what tools do individual cloud providers offer us? In the case of AWS, it is&nbsp;<a href=\"https:\/\/aws.amazon.com\/cloudtrail\/\" target=\"_blank\" rel=\"nofollow noopener\">AWS CloudTrail<\/a>, while Azure offers&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-monitor\/essentials\/platform-logs-overview\" target=\"_blank\" rel=\"nofollow noopener\">Activity &amp; Resource Logs<\/a>.<\/p>\n\n\n<div class=\"wp-block-image wp-image-9479\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2232\" height=\"693\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2.png\" alt=\"\" class=\"wp-image-9479\" style=\"width:683px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2.png 2232w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2-300x93.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2-1024x318.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2-768x238.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2-1536x477.png 1536w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_2-2048x636.png 2048w\" sizes=\"auto, (max-width: 2232px) 100vw, 2232px\" \/><figcaption class=\"wp-element-caption\">Source : https:\/\/aws.amazon.com\/cloudtrail\/<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The aim of these tools is to&nbsp;<strong>capture any activity (operation) performed over all resources<\/strong>. 
These activities can be triggered by the user or directly by the cloud environment or another service.<\/p>\n\n\n<div class=\"wp-block-image wp-image-9481\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2232\" height=\"649\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3.png\" alt=\"\" class=\"wp-image-9481\" style=\"width:761px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3.png 2232w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3-300x87.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3-1024x298.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3-768x223.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3-1536x447.png 1536w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_3-2048x595.png 2048w\" sizes=\"auto, (max-width: 2232px) 100vw, 2232px\" \/><figcaption class=\"wp-element-caption\">Source.<\/figcaption><\/figure>\n<\/div>\n\n\n<p>Here, for example, we see activity in one of our internal Azure environments and we can clearly see that some operations were performed by the user (here specifically by me) and others are performed directly by the cloud environment (automatic backup of a virtual server).<\/p>\n\n\n\n<p>A detailed audit trail is available for each operation, which stores all the information about the individual operations performed. 
Typically, this means&nbsp;<strong>who<\/strong>&nbsp;(identity or role),&nbsp;<strong>when<\/strong>&nbsp;(when the operation was called),&nbsp;<strong>where<\/strong>&nbsp;(identification of environment and region),&nbsp;<strong>from where<\/strong>&nbsp;(IP address, endpoint identification) and&nbsp;<strong>what<\/strong>&nbsp;(what operation over what specific resource) was performed within the environment.<\/p>\n\n\n<div class=\"wp-block-image wp-image-9483\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2232\" height=\"1183\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4.png\" alt=\"\" class=\"wp-image-9483\" style=\"width:857px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4.png 2232w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4-300x159.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4-1024x543.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4-768x407.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4-1536x814.png 1536w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_4-2048x1085.png 2048w\" sizes=\"auto, (max-width: 2232px) 100vw, 2232px\" \/><figcaption class=\"wp-element-caption\">Abbreviated audit trail produced by AWS CloudTrail on a database restart<\/figcaption><\/figure>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Processing and visualization of audit logs<\/strong><\/h2>\n\n\n\n<p>The first part is over - we have detailed logs of all operations. 
Both of the tools mentioned above (AWS CloudTrail and Azure Monitor) offer basic options for filtering and browsing these logs, but you'll probably want to implement some additional (either native or 3rd party) tools in your environment to visualize this data.<\/p>\n\n\n<div class=\"wp-block-image wp-image-9485\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1618\" height=\"926\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_5.png\" alt=\"\" class=\"wp-image-9485\" style=\"width:647px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_5.png 1618w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_5-300x172.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_5-1024x586.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_5-768x440.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_5-1536x879.png 1536w\" sizes=\"auto, (max-width: 1618px) 100vw, 1618px\" \/><figcaption class=\"wp-element-caption\">Source : https:\/\/memegenerator.net\/instance\/80592887\/auditnow-yeaim-going-to-need-those-audit-docs-asap<\/figcaption><\/figure>\n<\/div>\n\n\n<p>If you choose to use pure cloud provider tools, you'll likely reach for tools like&nbsp;<a href=\"https:\/\/aws.amazon.com\/cloudwatch\/\" target=\"_blank\" rel=\"nofollow noopener\">AWS CloudWatch<\/a>,&nbsp;<a href=\"https:\/\/aws.amazon.com\/quicksight\/\" target=\"_blank\" rel=\"nofollow noopener\">AWS QuickSight<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-monitor\/logs\/log-analytics-overview\" target=\"_blank\" rel=\"nofollow noopener\">Azure Log Analytics<\/a>. 
All of them aim to&nbsp;<strong>process any volume of source data<\/strong>&nbsp;and, according to your preferences and requirements,&nbsp;<strong>visualize<\/strong>&nbsp;it and offer it to users.<\/p>\n\n\n<div class=\"wp-block-image wp-image-9487\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2232\" height=\"1034\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6.png\" alt=\"\" class=\"wp-image-9487\" style=\"width:761px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6.png 2232w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6-300x139.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6-1024x474.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6-768x356.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6-1536x712.png 1536w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_6-2048x949.png 2048w\" sizes=\"auto, (max-width: 2232px) 100vw, 2232px\" \/><figcaption class=\"wp-element-caption\">Source : https:\/\/docs.microsoft.com\/en-us\/azure\/azure-monitor\/essentials\/activity-log<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The next step in optimal work with audit logs will probably be the definition of specific notification rules. For example, it would be interesting to track the rate of failed attempts (<em>access denied<\/em>) over individual accounts, which may indicate that a user is trying to do something they shouldn't.<\/p>\n\n\n\n<p>Another example might be notification of key operations over production resources, but there are no limits to your imagination and you can certainly come up with many other interesting scenarios.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>External tools for processing audit logs<\/strong><\/h2>\n\n\n\n<p>Nowadays, there is a wide range of external tools that can be used to analyze audit logs. 
The primary difference from native cloud tools is a certain higher level of \"intelligence\", prebuilt reports and templates, and support for different environments, which is useful for those of you running multi-cloud environments.<\/p>\n\n\n\n<p>Personally, I would recommend looking at the following tools:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.checkpoint.com\/cloudguard\/cloud-security-solutions\/\" target=\"_blank\" rel=\"nofollow noopener\">CheckPoint CloudGuard<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.datadoghq.com\/\" target=\"_blank\" rel=\"nofollow noopener\">Datadog<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.runecast.com\/cloud-security-and-posture-management-cspm\" target=\"_blank\" rel=\"nofollow noopener\">Runecast<\/a><\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image wp-image-9489\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"2232\" height=\"829\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7.png\" alt=\"\" class=\"wp-image-9489\" style=\"width:787px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7.png 2232w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7-300x111.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7-1024x380.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7-768x285.png 768w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7-1536x570.png 1536w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_7-2048x761.png 2048w\" sizes=\"auto, (max-width: 2232px) 100vw, 2232px\" \/><figcaption class=\"wp-element-caption\">Source : https:\/\/blog.checkpoint.com\/2021\/01\/13\/cloud-threat-hunting-attack-investigation-series-lateral-movement-under-the-radar\/<\/figcaption><\/figure>\n<\/div>\n\n\n<p>The individual tools differ from each other, especially in terms of the additional security features offered. 
There is certainly no perfect tool; each has its pros and cons. I definitely recommend deploying the chosen tool in a Proof of Concept implementation and thoroughly testing all the required features before the final implementation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Application audit logs<\/strong><\/h2>\n\n\n\n<p>The second area you should cover is audit logs within the application itself. Here the situation is a bit more complicated because each application is unique. In general, you should be able to identify within the audit logs&nbsp;<strong>every user action performed in the application itself<\/strong>, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Performing a business action<\/li>\n\n\n\n<li>Access to application data<\/li>\n\n\n\n<li>Calling a key operation<\/li>\n\n\n\n<li>Change of data<\/li>\n<\/ul>\n\n\n\n<p>But how to achieve this? Here, it will probably be up to the application development team to decide what technology or approach to use. The functionality for collecting application audit logs can be implemented purely \"in-house\", i.e. within the application development itself, or you can use services offered directly by cloud providers.<\/p>\n\n\n\n<p>Here I would like to mention especially the tools&nbsp;<a href=\"https:\/\/aws.amazon.com\/xray\/\" target=\"_blank\" rel=\"nofollow noopener\">AWS X-Ray<\/a>&nbsp;and&nbsp;<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/azure-monitor\/app\/app-insights-overview\" target=\"_blank\" rel=\"nofollow noopener\">Azure Application Insights<\/a>. Although these services are not focused on application auditing (their primary use is application monitoring), the fact that they can \"see in detail\" into the application itself makes it relatively easy to build your own \"audit logic\" on top of them.<\/p>\n\n\n\n<p>How to process and evaluate these audit records? 
This is similar to environment audit logs - for example, you can use&nbsp;<em>Azure Log Analytics<\/em>&nbsp;and visualize the data or use standard log management tools such as&nbsp;<a href=\"https:\/\/www.splunk.com\/\" target=\"_blank\" rel=\"nofollow noopener\">Splunk<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/www.elastic.co\/what-is\/elk-stack\" target=\"_blank\" rel=\"nofollow noopener\">ELK Stack<\/a>&nbsp;(Elasticsearch, Logstash and Kibana).<\/p>\n\n\n<div class=\"wp-block-image wp-image-9491\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1523\" height=\"924\" src=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_8.png\" alt=\"\" class=\"wp-image-9491\" style=\"width:605px;height:auto\" srcset=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_8.png 1523w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_8-300x182.png 300w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_8-1024x621.png 1024w, https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/e13_8-768x466.png 768w\" sizes=\"auto, (max-width: 1523px) 100vw, 1523px\" \/><figcaption class=\"wp-element-caption\">Source : https:\/\/www.splunk.com\/en_us\/blog\/security\/introducing-new-splunk-add-on-for-ot-security.html<\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>What do you use?<\/strong><\/h2>\n\n\n\n<p>Audit logs are not magic, and they are remarkably easy to work with in the cloud because they are available to you automatically.&nbsp;<strong>Don't forget them, store them and process them.<\/strong>&nbsp;They will come in handy! And the next time someone asks you, \"Who was that?!\", you won't have to think long.<\/p>\n\n\n\n<p>What tools do you use? Do you use only the native tools of each cloud provider, or do you use other technologies and tools? I will be glad for any comments and especially personal experience.<\/p>\n\n\n\n<p>And what can you look forward to next? 
In the following article, we'll take a look at the detailed cloud monitoring options and my colleague&nbsp;<a href=\"https:\/\/www.linkedin.com\/in\/prochazkajakub\/\" target=\"_blank\" rel=\"noopener\">Jakub Proch\u00e1zka<\/a>&nbsp;will introduce you in detail to some of the tools I've mentioned in this installment of the Cloud Encyclopedia. All previous chapters in the series&nbsp;<a href=\"https:\/\/www.orbit.cz\/en\/cloud-encyclopedia\/\" target=\"_blank\" rel=\"nofollow noopener\">you can find here<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Why keep and process cloud audit logs? Because they will come in handy. But which tools to use to analyze them?<\/p>","protected":false},"author":10,"featured_media":9298,"template":"","meta":{"_acf_changed":true,"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":""},"categories":[129,126],"class_list":["post-9329","encyklopedie-cloudu","type-encyklopedie-cloudu","status-publish","has-post-thumbnail","hentry","category-cloud-compliance","category-cloud-computing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT<\/title>\n<meta name=\"description\" content=\"Pro\u010d uchov\u00e1vat a zpracov\u00e1vat auditn\u00ed logy cloudov\u00e9ho prost\u0159ed\u00ed? Proto\u017ee se budou hodit. 
Jen\u017ee kter\u00e9 n\u00e1stroje pou\u017e\u00edvat pro jejich anal\u00fdzu?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.orbit.cz\/en\/cloud-encyclopedia\/audit-logs-in-the-cloud-who-was-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT\" \/>\n<meta property=\"og:description\" content=\"Pro\u010d uchov\u00e1vat a zpracov\u00e1vat auditn\u00ed logy cloudov\u00e9ho prost\u0159ed\u00ed? Proto\u017ee se budou hodit. Jen\u017ee kter\u00e9 n\u00e1stroje pou\u017e\u00edvat pro jejich anal\u00fdzu?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.orbit.cz\/en\/cloud-encyclopedia\/audit-logs-in-the-cloud-who-was-it\/\" \/>\n<meta property=\"og:site_name\" content=\"ORBIT | create IT your own way\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-31T14:55:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2022\/01\/EC2-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1072\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT\" \/>\n<meta name=\"twitter:description\" content=\"Pro\u010d uchov\u00e1vat a zpracov\u00e1vat auditn\u00ed logy cloudov\u00e9ho prost\u0159ed\u00ed? Proto\u017ee se budou hodit. 
Jen\u017ee kter\u00e9 n\u00e1stroje pou\u017e\u00edvat pro jejich anal\u00fdzu?\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.orbit.cz\/wp-content\/uploads\/2022\/01\/EC2-scaled.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/\",\"url\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/\",\"name\":\"Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.orbit.cz\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/auditni-logy-ORBITx.jpg\",\"datePublished\":\"2021-10-08T20:22:29+00:00\",\"dateModified\":\"2024-10-31T14:55:40+00:00\",\"description\":\"Pro\u010d uchov\u00e1vat a zpracov\u00e1vat auditn\u00ed logy cloudov\u00e9ho prost\u0159ed\u00ed? Proto\u017ee se budou hodit. 
Jen\u017ee kter\u00e9 n\u00e1stroje pou\u017e\u00edvat pro jejich anal\u00fdzu?\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.orbit.cz\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/auditni-logy-ORBITx.jpg\",\"contentUrl\":\"https:\\\/\\\/www.orbit.cz\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/auditni-logy-ORBITx.jpg\",\"width\":1080,\"height\":501,\"caption\":\"Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/encyklopedie-cloudu\\\/auditni-logy-v-cloudu-kdo-to-byl\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.orbit.cz\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Auditn\u00ed logy v cloudu: kdo to byl?!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/#website\",\"url\":\"https:\\\/\\\/www.orbit.cz\\\/\",\"name\":\"ORBIT | create IT your own way\",\"description\":\"ORBIT | create IT your own way\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.orbit.cz\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/#organization\",\"name\":\"ORBIT 
s.r.o.\",\"url\":\"https:\\\/\\\/www.orbit.cz\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.orbit.cz\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/logoslogan-01.png\",\"contentUrl\":\"https:\\\/\\\/www.orbit.cz\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/logoslogan-01.png\",\"width\":1417,\"height\":829,\"caption\":\"ORBIT s.r.o.\"},\"image\":{\"@id\":\"https:\\\/\\\/www.orbit.cz\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/orbit\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Audit logs in the cloud: who was it?! | ORBIT Cloud Encyclopedia","description":"Why keep and process cloud audit logs? Because they will come in handy. But which tools to use to analyze them?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.orbit.cz\/en\/cloud-encyclopedia\/audit-logs-in-the-cloud-who-was-it\/","og_locale":"en_GB","og_type":"article","og_title":"Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT","og_description":"Pro\u010d uchov\u00e1vat a zpracov\u00e1vat auditn\u00ed logy cloudov\u00e9ho prost\u0159ed\u00ed? Proto\u017ee se budou hodit. Jen\u017ee kter\u00e9 n\u00e1stroje pou\u017e\u00edvat pro jejich anal\u00fdzu?","og_url":"https:\/\/www.orbit.cz\/en\/cloud-encyclopedia\/audit-logs-in-the-cloud-who-was-it\/","og_site_name":"ORBIT | create IT your own way","article_modified_time":"2024-10-31T14:55:40+00:00","og_image":[{"width":2048,"height":1072,"url":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2022\/01\/EC2-scaled.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_title":"Auditn\u00ed logy v cloudu: kdo to byl?! 
| Encyklopedie cloudu ORBIT","twitter_description":"Pro\u010d uchov\u00e1vat a zpracov\u00e1vat auditn\u00ed logy cloudov\u00e9ho prost\u0159ed\u00ed? Proto\u017ee se budou hodit. Jen\u017ee kter\u00e9 n\u00e1stroje pou\u017e\u00edvat pro jejich anal\u00fdzu?","twitter_image":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2022\/01\/EC2-scaled.jpg","twitter_misc":{"Estimated reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/","url":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/","name":"Audit logs in the cloud: who was it?! | ORBIT Cloud Encyclopedia","isPartOf":{"@id":"https:\/\/www.orbit.cz\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/#primaryimage"},"image":{"@id":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/#primaryimage"},"thumbnailUrl":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx.jpg","datePublished":"2021-10-08T20:22:29+00:00","dateModified":"2024-10-31T14:55:40+00:00","description":"Why keep and process cloud audit logs? Because they will come in handy. 
But which tools to use to analyze them?","breadcrumb":{"@id":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/#primaryimage","url":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx.jpg","contentUrl":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx.jpg","width":1080,"height":501,"caption":"Auditn\u00ed logy v cloudu: kdo to byl?! | Encyklopedie cloudu ORBIT"},{"@type":"BreadcrumbList","@id":"https:\/\/www.orbit.cz\/encyklopedie-cloudu\/auditni-logy-v-cloudu-kdo-to-byl\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.orbit.cz\/"},{"@type":"ListItem","position":2,"name":"Auditn\u00ed logy v cloudu: kdo to byl?!"}]},{"@type":"WebSite","@id":"https:\/\/www.orbit.cz\/#website","url":"https:\/\/www.orbit.cz\/","name":"ORBIT | create IT your own way","description":"ORBIT | create IT your own way","publisher":{"@id":"https:\/\/www.orbit.cz\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.orbit.cz\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.orbit.cz\/#organization","name":"ORBIT 
s.r.o.","url":"https:\/\/www.orbit.cz\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.orbit.cz\/#\/schema\/logo\/image\/","url":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2020\/11\/logoslogan-01.png","contentUrl":"https:\/\/www.orbit.cz\/wp-content\/uploads\/2020\/11\/logoslogan-01.png","width":1417,"height":829,"caption":"ORBIT s.r.o."},"image":{"@id":"https:\/\/www.orbit.cz\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/orbit\/"]}]}},"taxonomy_info":{"category":[{"value":129,"label":"Cloud compliance"},{"value":126,"label":"Cloud computing"}]},"featured_image_src_large":["https:\/\/www.orbit.cz\/wp-content\/uploads\/2021\/10\/auditni-logy-ORBITx-1024x475.jpg",1024,475,true],"author_info":{"display_name":"Martin Gavanda","author_link":"https:\/\/www.orbit.cz\/en\/author\/af7b56472d1efaf6\/"},"comment_info":"","_links":{"self":[{"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/encyklopedie-cloudu\/9329","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/encyklopedie-cloudu"}],"about":[{"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/types\/encyklopedie-cloudu"}],"author":[{"embeddable":true,"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/users\/10"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/media\/9298"}],"wp:attachment":[{"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/media?parent=9329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.orbit.cz\/en\/wp-json\/wp\/v2\/categories?post=9329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}