April 18, 2024 at 08:35AM
Researcher Daniel Bohannon discusses the challenges of dealing with extensive logging in Amazon Web Services, which creates a large volume of events that make it difficult to identify user actions. He plans to launch an open-source tool at Black Hat Asia to help consolidate the cloud log events, with future prospects of expanding it to other cloud providers.
Based on the meeting notes, it seems that Daniel Bohannon and Andi Ahmeti are tackling the challenge of dealing with the voluminous logging data generated by Amazon Web Services (AWS) and plan to release an open-source tool called Cloud Console Cartographer at the Black Hat Asia conference. This tool aims to consolidate cloud log events into a record of user actions, providing a succinct timeline while retaining all the raw log information. The tool will be available on GitHub and currently contains over 240 rules for classifying collections of events into user actions, with the intention of expanding the number of classifiers in the future.
While the initial focus is on AWS, the researchers may consider developing the tool for other cloud platforms in the future. However, they acknowledge that different cloud providers have unique logging challenges, and what works for AWS may not be applicable to Microsoft Azure or Google Cloud Platform due to their differing approaches to logging.
Additionally, it was highlighted that the verbosity of AWS logs contrast with Azure’s more terse logs, presenting specific challenges for each platform. Nevertheless, the team may explore integrating other cloud platforms into the tool in the future after the initial release.
Overall, the tool aims to address the struggle of sifting through immense volumes of log data to determine user actions and provide a more consolidated and actionable view of cloud log events for security managers and incident responders.