Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 1 reply
  • Subscribers 5 subscribers
  • Views 3972 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cloudwatch Event

Br3tt

Hi,

I was wondering whether someone might be able to help me write a cloudwatch event which would alert when a VPN connection is established and extract the username, time, source and destination IP addresses?

Really appreciate any guidance or even just some sample json strings you may have created for other sophos logs.

Thanks,

Brett



This thread was automatically locked due to age.
Parents
  • +1

    I kind of worked around this issue by leveraging Humio. Humio was able to injest my Cloudwatch logs and then I could write simple email based alerts to tell me if I had successful or failed VPN connection and in the same manner, alerts for concerning wireless connections.

    It's also free, cloud based and the logs fall in under their limits.

Reply
  • +1

    I kind of worked around this issue by leveraging Humio. Humio was able to injest my Cloudwatch logs and then I could write simple email based alerts to tell me if I had successful or failed VPN connection and in the same manner, alerts for concerning wireless connections.

    It's also free, cloud based and the logs fall in under their limits.

Children
No Data
Unfiltered HTML