< ciso
brief />
Tag Banner

All news with #log management tag

36 articles

Amazon OpenSearch launches log analytics engine

πŸ” Amazon OpenSearch Service introduces a new engine optimized for log analytics that combines faster analytical queries with full-text search. The engine delivers up to 4x better price-performance on internal benchmarks, up to 70% lower storage using columnar storage, 2x higher ingestion throughput, and 2x faster analytical queries. It supports OpenSearch 3.5+, PPL and SQL queries, JDBC/ODBC drivers, and mixed full-text plus analytical predicates. The capability is available across 12 global AWS regions with no additional engine charges.
read more β†’

CloudWatch Logs adds resource tag enrichment

πŸ” Amazon CloudWatch Logs now enriches log events with AWS resource tags at ingestion, enabling filtering, searching, and analysis by metadata such as team ownership, environment, cost center, or application name without changing logging instrumentation. Tags are applied at ingestion so you can use them immediately in log queries to scope analysis and incident investigations. The feature is available in all commercial AWS Regions except UAE, Bahrain, and Israel (Tel Aviv). Enable resource tags on telemetry in Amazon CloudWatch Settings, via the AWS CLI, or SDKs; tag enrichment is provided at no extra cost.
read more β†’

Amazon S3 delivers server access logs to CloudWatch

πŸ“£ Amazon S3 now supports delivering server access logs to Amazon CloudWatch Logs, enabling instant querying, alarms, cross-account and cross-Region aggregation, and AWS KMS encryption for access log data. You can also mirror logs to Amazon S3 Tables in Apache Iceberg format at no additional storage cost. These delivery options complement existing free delivery to S3 buckets and provide more flexibility for monitoring and analysis.
read more β†’

Amazon CloudWatch adds managed syslog ingestion

πŸ“₯ Amazon CloudWatch Logs now offers managed syslog ingestion, allowing firewalls, routers, switches, and Linux servers to send syslog messages directly to CloudWatch without agents. It accepts TCP, TCP+TLS, and UDP to a VPC endpoint and supports RFC 5424, RFC 3164, and Cisco FTD/ASA formats. CloudWatch automatically parses messages to extract fields like facility, severity, hostname, and application, enabling immediate querying via Logs Analytics. The feature is available in all commercial AWS Regions except UAE, Bahrain, and Israel.
read more β†’

Amazon CloudWatch Adds Log Analytics Console

πŸ› οΈ Amazon CloudWatch introduces Log Analytics, a unified console that combines CloudWatch Logs Insights, Live Tail, and Contributor Insights for integrated log querying, real-time streaming, and contributor identification. Users can run multiple queries in tabs, leverage patterns, saved queries with parameters, facets, natural language query generation, and visualizations. Live Tail and Contributor Insights are accessible within Log Analytics, which is the default experience, while opt-out users retain separate access to each feature. The capability is available in all commercial AWS Regions and uses existing pricing for Logs Insights queries, Live Tail, and Contributor Insights.
read more β†’

OMB M-26-14: From Data Hoarding to Active Defense

πŸ” The OMB Memo M-26-14 ends compliance-driven data hoarding and mandates a risk-based, machine-speed logging approach. It requires six months of logs to be hot and searchable and one year retrievable, expands visibility to IoT/OT, and emphasizes continuous event monitoring and AI-driven detection. Legacy SIEMs struggle to meet these goals; Palo Alto Networks positions Cortex XSIAM as a FedRAMP-certified solution built for index-free, AI-enabled, cross-domain threat hunting.
read more β†’

Attack Techniques Targeting Cloud Logging Services

πŸ” Cloud logging services like AWS CloudTrail and Google Cloud Logging offer essential visibility into cloud activity but are also high-value targets for attackers. This article examines two primary attack goalsβ€”defense evasion and establishing continuous visibilityβ€”and demonstrates methods attackers use to disrupt or exfiltrate logs. It outlines practical attack techniques such as stopping logging, deleting storage or routers, abusing encryption keys, and log poisoning, and highlights detection and mitigation approaches.
read more β†’

CloudWatch Logs Insights adds 23 query commands

πŸ” Amazon CloudWatch Logs Insights now supports 23 new query commands and functions to enhance log querying, parsing, transformation, and analysis. The update adds hash functions (md5, sha256), string and conversion utilities (strcontains, split, toNumber, toInt), IP utilities (ipv4ToNumber, isPrivateIP), analytics functions (rate, count_over_time, histogram), and expanded parsing capabilities (parse CSV, XML, multi). Queries can now use β€œlimit any N” and up to 10 stats commands, and these features are available in all commercial AWS Regions.
read more β†’

Amazon EKS Capabilities add CloudWatch Vended Logs

🟣 Amazon EKS Capabilities can now be configured as log delivery sources using Amazon CloudWatch Vended Logs to capture logs from managed controllers such as Argo CD, AWS Controllers for Kubernetes (ACK), and kro. Customers can enable delivery via CloudWatch APIs or the AWS Console and send logs to CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. The feature is available in all Regions that support EKS Capabilities and incurs standard CloudWatch Vended Logs pricing with no additional EKS charge.
read more β†’

AWS Shield Advanced adds DDoS attack flow logs

πŸ“‘ AWS Shield Advanced now provides DDoS attack flow logs that deliver packet-level visibility into traffic targeting Shield-protected resources. The logs capture source and destination IPs, ports, protocols, packet and byte counts, and source country details, and are published every five minutes during active attacks. Log data can be delivered to Amazon S3, Amazon CloudWatch Logs, or Amazon Data Firehose for forensic analysis, threat intelligence, and compliance. To use the feature, resources must be protected by Shield Advanced and log delivery must be configured; the feature is available in all regions where Shield Advanced operates.
read more β†’

Cloudflare’s Unified Data Platform: Town Lake

πŸ“Š Cloudflare built Town Lake, a lakehouse-style unified data analytics platform, and Skipper, an AI data agent, to make its vast telemetry and logs queryable and auditable. Town Lake combines Trino, Iceberg on R2, a metadata catalog, PII scanning, access control, and ELT tooling to provide fresh, accurate, and governed data. Skipper lets non-SQL users ask natural-language questions, produce correct SQL-backed answers, and create shareable charts and dashboards.
read more β†’

CloudWatch Logs Insights adds new query capabilities

πŸ” Amazon CloudWatch Logs Insights query language gains 13 new commands and functions to enhance log querying, transformation, and analysis. New features include string and numeric functions like round, startswith, endswith, case, regex_replace, and haversine, encoding/decoding functions such as urlencode, urldecode, base64encode, base64decode, and parse/analysis commands like parse logfmt, expand, and relevantfields. These additions enable prefix filtering, inline Base64 decoding, logfmt parsing, JSON array expansion, geographic distance calculation, and automatic surfacing of relevant fields across high-cardinality groups.
read more β†’

CloudWatch Logs Insights Adds Tag-Based Log Group Queries

🏷 CloudWatch Logs Insights now supports querying log groups by tags, allowing searches across all log groups that share key-value tags without listing them explicitly. Tags such as Environment:Production, Application:PaymentService, or Owner:TeamName let teams scope queries by environment, application, or ownership. As log group tags are added or removed, queries automatically reflect the matching log groups, reducing operational overhead as environments scale. This capability is available today in all commercial AWS Regions.
read more β†’

CloudWatch Logs Insights Adds JOIN and Sub-query Support

πŸ”Ž Amazon has added JOIN and sub-query commands to CloudWatch Logs Insights, enabling queries that span multiple log groups and correlate data from different sources. The new capabilities remove the need to run separate queries and manually merge results, accelerating troubleshooting and investigations. Typical uses include correlating application and infrastructure errors, analyzing security events across services, and tracking user sessions across distributed systems. The features are available today in all commercial AWS Regions.
read more β†’

Amazon MSK Replicator adds end-to-end replication logs

πŸ” Amazon MSK Replicator now delivers replicator logs that provide end-to-end visibility into replication health. The logs surface critical replication events, client errors, and steady-state activity, and include prescriptive guidance to help operators resolve common issues more quickly. Common problems called out in log entries include insufficient permissions on source topics, partition quota exhaustion on target clusters, and records exceeding size limits. You can enable log delivery when creating or updating a Replicator via the AWS Console, AWS CLI, or AWS CloudFormation and forward logs to Amazon CloudWatch, Amazon S3, or Amazon Data Firehose.
read more β†’

AWS Managed Microsoft AD: Kerberos Encryption Logs

πŸ”’ AWS Managed Microsoft AD can now forward Kerberos Encryption audit event logs (Event IDs 201–209) to Amazon CloudWatch Logs. These logs provide visibility into whether clients and services negotiate RC4 or AES encryption, helping you decide whether to upgrade clients for stronger protection or retain compatibility. Enable log forwarding from the directory's Network and Security tab in the Directory Service console. This feature is available in all AWS Regions offering the service except UAE and Bahrain.
read more β†’

Configuration-Driven ETL to Convert Logs to OCSF at Scale

πŸ” The AWS Professional Services team provides a configuration-driven ETL accelerator that converts custom security logs into OCSF v1.1 and writes OCSF-compliant Parquet files partitioned for use with Amazon Security Lake or other data lakes. The serverless-first solution uses S3, Lambda, DynamoDB, Step Functions and either AWS Glue or EMR Serverless, and ingests mapping and metadata CSVs to drive transformations. An open-source GitHub repository includes deployment artifacts, example mappings, and instructions to validate outputs and run historical loads.
read more β†’

Amazon CloudWatch Pipelines Adds Conditional Processing

βš™οΈ Amazon CloudWatch pipelines now supports conditional processing and a new Drop Events processor, letting you apply transformations only to matching log entries. You can set processor-level 'run when' conditions or entry-level conditions across 21 processors such as Add Entries, Grok, and Rename Key. The Drop Events processor filters unwanted entries from third-party connectors to reduce noise and lower costs. These features are available at no additional charge where pipelines are generally available; standard CloudWatch Logs ingestion and storage rates still apply.
read more β†’

CloudWatch Logs Insights: lookup Command for Context

πŸ” Amazon CloudWatch Logs Insights introduces a new lookup command that lets you enrich log query results by joining log fields with external CSV-based reference tables. Upload a CSV file via CloudWatch β†’ Settings β†’ Logs and reference the table in Logs Insights queries to translate opaque IDs, IPs, or internal resource identifiers into human-readable values at query time. The CSV data does not count toward CloudWatch Logs Insights per-GB scanned query charges, and the capability is available today in all commercial AWS Regions.
read more β†’

CloudWatch log centralization adds data source filters

πŸ” Amazon CloudWatch centralization now supports selecting logs by data source name and type in addition to log group names. Customers can target AWS service logs (automatically discovered) and application logs (via log group tags) to copy telemetry from multiple accounts and regions into a single destination account. Rules can focus on types like VPC Flow Logs, EKS Audit Logs, and CloudTrail Logs to simplify security and operational monitoring. Create or modify centralization rules in the console, AWS CLI, or SDKs; standard CloudWatch Logs pricing applies for ingestion, storage, and data transfer.
read more β†’