
Other source logs, e.g. Cloud Service Provider (CSP) logs and macOS and Linux OS logs

Open · ddiabe opened this issue 10 months ago · 1 comment

Objective: Explore LME's ability to integrate with various cloud service providers (CSPs) and test the ingestion of various cloud-related logs.

Why is this important? LME currently ingests syslogs, but it would be nice to explore other log sources outside of syslogs, especially if LME has a cloud adoption capability. Note that not all users have on-prem infrastructures; some users have fully migrated to the cloud. LME should be able to show that, as a logging solution, it can serve users who have infrastructures both on prem and in cloud environments.

Key objective breakdown:

  • Validate LME's capability to ingest and process logs from AWS, Azure and GCP.
  • Prove integration with the ELK stack and Wazuh for analytics and detection.
  • Test performance under different scenarios, including high-volume ingestion (define ingestion volume).
  • Identify configuration challenges or missing use cases.

Cloud service providers and logs in scope:

  • AWS: CloudTrail, VPC Flow Logs (additional logs like GuardDuty and CloudWatch if need be)
  • Azure: Entra ID logs
  • GCP: Audit logs, VPC Flow Logs (additional logs like Cloud Security Command Center logs if need be)

ddiabe · Feb 10 '25 17:02

Closing. Follow-on work for testing of each CSP will be managed in separate issues.

NVivero · Mar 02 '25 20:03