Ingesting Cloud Custodian Logs into Sumo Logic (Part 1)

Workflow
Bucket policy
Example: identify publicly accessible AWS Redshift clusters

```yaml
policies:
  - name: redshift-cluster-publicly-accessible
    resource: aws.redshift
    comments: |
      Find Redshift clusters that are publicly accessible. This is a
      notify-only policy. The policy runs once every 24 hours.
    filters:
      - "tag:redshift-publicly-accessible-exempt": absent
      - PubliclyAccessible: true
    mode:
      type: periodic
      schedule: "rate(24 hours)"
      runtime: python3.8
      execution-options:
        output_dir: s3://bucket-name/cclogs/{{policy}}/
    actions:
      - type: delete
```

Two things to check before deploying this policy as written. The schema key is `actions` (plural), which is what `custodian validate` expects. More importantly, the comment describes the policy as notify-only, but its `actions` list carries `delete`, which would delete every matching cluster each time the scheduled Lambda fires; keep `delete` only if that is the intent, otherwise replace it with a `notify` action. The `output_dir` under `execution-options` is what makes the Lambda write its run output (including resources.json) to the S3 bucket that Sumo Logic later reads from.
Sumo Logic source settings quoted in the post, as three boundary regex / exclude filter pairs. The boundary regex tells the source where a new multiline message starts; the exclude filter drops any message matching it, here the bare `[` or `[]` that a JSON array yields once it is split into one object per message.

Boundary Regex: ^\s\s\{         Exclude Filter: ^\[
Boundary Regex: ^\[(?s).*       Exclude Filter: ^\[\]
Boundary Regex: not applicable  Exclude Filter: ^\[\]
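To see what the first pair of settings does to a Cloud Custodian resources.json, here is an added Python example (not from the post, and not Cloud Custodian or Sumo Logic code) that models the source behaviour: multiline boundary detection first, then the exclude rule evaluated against each assembled message. It assumes that the `^\s\s\{` / `^\[` pair is the one meant for resources.json, that an exclude rule must match the whole assembled message (as Sumo Logic documents for include/exclude filters), and it uses a constructed two-cluster resources.json shaped like the indent=2 array Cloud Custodian writes. The `parse_resource` helper is an added validation step, not something the collector does. It also runs the empty-result case (`[]`) against the `^\[\]` filter from the third row.

```python
import json
import re

# Settings quoted in the post (assumed here to be the pair meant for
# resources.json, which the post does not label explicitly).
BOUNDARY_REGEX = r"^\s\s\{"
EXCLUDE_FILTER = r"^\["

# Constructed sample, shaped like the resources.json Cloud Custodian writes
# (a JSON array, indent=2). Cluster names and tags are illustrative.
SAMPLE_RESOURCES = [
    {"ClusterIdentifier": "analytics-prod", "PubliclyAccessible": True, "Tags": []},
    {"ClusterIdentifier": "reporting-dev", "PubliclyAccessible": True,
     "Tags": [{"Key": "team", "Value": "bi"}]},
]
SAMPLE_RESOURCES_JSON = json.dumps(SAMPLE_RESOURCES, indent=2)
# A run with no matching resources writes an empty array.
EMPTY_RESOURCES_JSON = json.dumps([], indent=2)


def split_messages(text, boundary_regex):
    """Multiline boundary detection: a line matching the boundary starts a
    new message; any other line is appended to the message in progress.
    Text before the first boundary becomes a message of its own."""
    boundary = re.compile(boundary_regex)
    messages, current = [], []
    for line in text.splitlines():
        # `^` without MULTILINE anchors to the start of the line, so the
        # nested "      {" inside a Tags list does not start a new message.
        if boundary.search(line) and current:
            messages.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        messages.append("\n".join(current))
    return messages


def apply_exclude(messages, exclude_regex):
    """Exclude processing rule, modelled as matching the whole assembled
    message (assumption about the exact Sumo Logic matching semantics)."""
    exclude = re.compile(exclude_regex, re.DOTALL)
    return [m for m in messages if not exclude.fullmatch(m)]


def ingest(text, boundary_regex=BOUNDARY_REGEX, exclude_regex=EXCLUDE_FILTER):
    """Boundary detection first, then the exclude rule on assembled messages."""
    return apply_exclude(split_messages(text, boundary_regex), exclude_regex)


def parse_resource(message):
    """Validation helper (added here, not collector behaviour): a message
    produced by the split still carries the array punctuation around it,
    a trailing ',' between elements or the closing ']' after the last one.
    Strip that and parse, so the split can be checked against the array."""
    body = message.rstrip()
    if body.endswith("]"):
        body = body[:-1].rstrip()
    if body.endswith(","):
        body = body[:-1]
    return json.loads(body)


if __name__ == "__main__":
    for msg in ingest(SAMPLE_RESOURCES_JSON):
        print(parse_resource(msg)["ClusterIdentifier"])
    # With the resources.json settings an empty run still yields one "[]"
    # message; the third row's "^\[\]" filter is what drops it.
    print(ingest(EMPTY_RESOURCES_JSON))
    print(ingest(EMPTY_RESOURCES_JSON, exclude_regex=r"^\[\]"))
```

Two points worth checking against your own collector: the bare `[` that opens the array only disappears because the exclude filter matches it as a message of its own, and every per-resource message still carries the comma or closing bracket from the surrounding array, so confirm that whatever field extraction you run in Sumo Logic tolerates that before relying on it.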

Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT
Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.