Case Study 1: Kubernetes Implementation Demo Lab

24 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we took a brief look at navigating around Sumo Logic. So we took a look at the Collection area, which again is under Manage Data, and then we also looked at the App Catalog and talked about that a little bit. In this video we're going to go ahead into case study number one. Now, I'm not gonna read this document verbatim. You can find this in the resource section of the course,
but basically what we have here is Bill's Credit Repairs, the name of the company.
And what they've done is they've set up Kubernetes clusters. And the goal with that was they wanted to get independence from using a single cloud provider. So they were using, for example, Google Cloud. They want to get away from just Google Cloud. They want to do Azure and AWS as well, so that if one provider goes down, they've got a backup plan. Right?
So one of the things they've done is they've distributed those workloads across the multiple vendors using Kubernetes. But the problem that's arisen is they need a unified approach to actually understand this environment and be able to monitor it.
So what they've done is they've implemented Sumo Logic, right? So they've gone ahead and used Sumo Logic. They've ingested the metrics, events, and logs that are produced by the Kubernetes environment. And what they're doing is they're taking all that data and throwing it into Sumo Logic, ingesting it, and then making it relevant right there, being able to view it and make sense of the data.
So that's what we have here. So what we're going to do in this video is we're gonna install the CloudTrail app, and then we're gonna go ahead and take a look at some of the data that we can see.
So I'm not going to be following along with this case study. There's no step-by-step or anything like that. We're just gonna go ahead and navigate here inside the dashboard, so we'll ignore this document for now. But again, you can find this in the resource section of the course.
So in the Sumo Logic dashboard, just make sure you're clicking on the App Catalog. You'll see I'm already here. So what I'm going to do is I'm gonna go ahead and click on the AWS CloudTrail app.
I want to select that there. What you're going to notice is that there are six dashboards here. Don't worry about that right now, but those will be pertinent in just a little bit.
What we're gonna do is we're gonna add this to our library, so we'll just go ahead and select that there, and then it's gonna ask us to specify a tag. So in this example, what we're going to do is specify the tag as labs, and we'll put a forward slash and then aws, forward slash and then cloudtrail. So just like that, and we're just gonna add that to the library,
and it usually takes a few seconds or so to get it added in. It just kind of depends on your particular system.
So you'll see now that it's gone ahead and added that.
Now, if we look here on the left side in our Personal folder, you'll notice that now we have that AWS CloudTrail app which I had mentioned before, right? We have that folder there that says AWS CloudTrail.
So let's go ahead and select that folder, and you'll notice that we have all those dashboards underneath there.
So we've got our Overview dashboard. Let's go and take a look at that. This is basically going to give us some general information about our CloudTrail activity, so things like the geolocation of the AWS users. Basically, that's just a geo-map database that looks at the IP addresses and then plots them on the map itself, and you'll see them on this map here.
We can also see created resources and deleted resources, and if we scroll down, we've got a little bit of information about whether there are any failed login attempts at all. You'll see here we have zero, but that's pretty abnormal. In a real environment, you'd probably see a couple for people forgetting passwords and that sort of stuff.
All right, next up, we're gonna take a look at our Console Logins here on the left, so that's going to be this dashboard here.
So this is going to show us users that have logged in via the console. It's also going to show us a little more information about successful login attempts as well as unsuccessful login attempts, and you'll see that it's also tracking down here logins from outside the United States, because that's where I'm based at, and logins from multiple IP addresses, etcetera, etcetera, right.
We get some good visualization of our data.
We could also take a look at our S3 buckets and see who's been actually accessing those buckets and any objects that have been created or modified in those buckets. So it allows us to really check that information there. You'll notice I don't have anything in my S3 buckets in this particular demo environment, but we would normally see our data here.
And then we can also take a look at our Network and Security dashboard to see some basic information about access control lists, if we have them in place, and any type of authorization failures over a period of time. Again, we're seeing this based off country up here on the top left, so it's gonna track that based off the IP address. Again, if someone's spoofing the IP, it may be a little challenging there to track that information,
but it gives us a generalized view of what's occurring inside of our CloudTrail data.
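The dashboards above all derive from the same CloudTrail event fields. As an added example that is not part of the course or Sumo Logic's own code, here is a small Python script that re-creates three of those panels (successful vs failed console logins, users logging in from more than one IP, and authorization failures per service) over a constructed CloudTrail-style log file; the records and the helper `_event` are made up for illustration.

```python
"""Re-create, over constructed CloudTrail records, the checks the AWS CloudTrail
app dashboards surface. Added example, not Sumo Logic's code; sample data is made up."""
import json
from collections import Counter, defaultdict

def _event(name, source, user, ip, login=None, error=None):
    """Build a trimmed CloudTrail record (constructed sample, not real data)."""
    rec = {"eventName": name, "eventSource": source, "sourceIPAddress": ip,
           "userIdentity": {"userName": user}}
    if login:
        rec["responseElements"] = {"ConsoleLogin": login}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed trail file: bob fails twice from one IP, then succeeds from another.
SAMPLE_TRAIL = json.dumps({"Records": [
    _event("ConsoleLogin", "signin.amazonaws.com", "alice", "198.51.100.10", "Success"),
    _event("ConsoleLogin", "signin.amazonaws.com", "bob", "203.0.113.5", "Failure"),
    _event("ConsoleLogin", "signin.amazonaws.com", "bob", "203.0.113.5", "Failure"),
    _event("ConsoleLogin", "signin.amazonaws.com", "bob", "192.0.2.77", "Success"),
    _event("GetObject", "s3.amazonaws.com", "alice", "198.51.100.10", error="AccessDenied"),
    _event("DescribeInstances", "ec2.amazonaws.com", "carol", "192.0.2.9", error="UnauthorizedOperation"),
]})

def load_records(raw):
    # CloudTrail log files wrap their events under a top-level "Records" key.
    return json.loads(raw)["Records"]

def _logins(records):
    return [r for r in records if r.get("eventName") == "ConsoleLogin"]

def console_login_summary(records):
    """Successful vs failed console logins (Console Logins dashboard)."""
    return dict(Counter(r["responseElements"]["ConsoleLogin"] for r in _logins(records)))

def failed_logins_by_user(records):
    """Failed login attempts per user (Overview dashboard)."""
    return dict(Counter(r["userIdentity"]["userName"] for r in _logins(records)
                        if r["responseElements"]["ConsoleLogin"] == "Failure"))

def users_with_multiple_ips(records):
    """Users whose console logins came from more than one source IP."""
    ips = defaultdict(set)
    for r in _logins(records):
        ips[r["userIdentity"]["userName"]].add(r["sourceIPAddress"])
    return {u: sorted(s) for u, s in ips.items() if len(s) > 1}

def authorization_failures_by_service(records):
    """AccessDenied / UnauthorizedOperation counts per service (Network and Security)."""
    return dict(Counter(r["eventSource"] for r in records
                        if r.get("errorCode") in ("AccessDenied", "UnauthorizedOperation")))
```

As the narration notes, the IP-based panels only tell you where a request appeared to come from; the per-user and per-service counts do not depend on geolocation.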
So in this video we just took a brief overview of case study number one. Again, they were really just looking to get visualization inside of their Kubernetes environment. So we were able to take a look inside of AWS CloudTrail here, see the data coming in, and get some good visualization looking through the different dashboards.
And in the next video we're going to jump into case study number two. Again, we're gonna be using the Threat Intel app from CrowdStrike.