Logging and Monitoring.md - Juan-bit94/Ops401D10 GitHub Wiki

Logging and Monitoring

Why does this topic matter?

  • CloudWatch is the main AWS service that lets a company generate logs and monitoring metrics.
  • Knowing about CloudWatch and its use cases is important for an IT and cybersecurity professional, since it helps with keeping a high security tempo and even with troubleshooting events.

Explain CloudWatch Events to a non-technical friend.

  • CloudWatch Events are like watching an NFL game: the game is in real time, and you have commentators telling you in real time when something changes or there is something you need to pay more attention to. So if there is a touchdown, a good pass, or even a tackle happening live on the broadcast, the commentators and cameras will focus on it, because these events serve as triggers.

What do CloudWatch Logs help us achieve?

  • These logs help users access, monitor, and store log files from various AWS resources.
  • These logs enable users to centralize the logs from all the systems, applications, and AWS services they use in a single, highly scalable service.
  • The logs help with troubleshooting systems and applications: you can filter for specific phrases, values, or patterns. AWS even recommends using the unified CloudWatch agent to collect system logs.

What capabilities does CloudWatch Anomaly detection have?

  • Anomaly detection applies statistical and machine learning algorithms to continuously analyze the metrics of systems or applications and determine normal baselines.
  • All in all, it can learn and model the expected behavior of a metric based on prior data.
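As an added example (not from this wiki or from AWS), the two ideas above put together in Python: a simplified stand-in for the term subset of CloudWatch Logs filter patterns (`ERROR -DEBUG`, quoted phrases) is run over constructed log events, the matches are bucketed into a per-minute metric the way a metric filter would, and a bucket is flagged when it leaves a band learned from the earlier buckets, which is the idea behind anomaly detection. The matcher, the plain mean/stdev band and the sample events are assumptions of this example, not AWS's implementation.

```python
import re
import statistics

# Constructed sample log events for this example (not real CloudWatch output): "<HH:MM> <LEVEL> <message>".
SAMPLE_LOGS = [
    "10:00 INFO request ok", "10:00 ERROR db timeout", "10:00 ERROR db timeout",
    "10:01 INFO request ok", "10:01 ERROR db timeout",
    "10:02 ERROR db timeout", "10:02 DEBUG ERROR suppressed",
    "10:03 ERROR db timeout", "10:03 ERROR auth failed", "10:03 INFO request ok",
    "10:04 ERROR auth failed", "10:04 ERROR auth failed", "10:04 ERROR auth failed",
    "10:04 ERROR auth failed", "10:04 ERROR auth failed", "10:04 ERROR db timeout",
]


def matches(pattern: str, event: str) -> bool:
    """Simplified stand-in for the term subset of CloudWatch Logs filter patterns (assumption,
    not AWS's matcher): every plain term must appear as a whole case-sensitive word, "-term"
    excludes events containing that word, and a "quoted phrase" must appear verbatim."""
    words = set(event.split())
    for term in re.findall(r'"[^"]*"|\S+', pattern):
        if term.startswith('"'):
            if term.strip('"') not in event:
                return False
        elif term.startswith("-"):
            if term[1:] in words:
                return False
        elif term not in words:
            return False
    return True


def count_per_minute(pattern: str, events: list) -> dict:
    """Metric-filter style aggregation: matching events per minute bucket; buckets with no
    matches stay at 0 so the resulting metric has no gaps."""
    counts = {e.split()[0]: 0 for e in events}
    for e in events:
        if matches(pattern, e):
            counts[e.split()[0]] += 1
    return counts


def anomalous_buckets(series: dict, k: float = 2.0) -> list:
    """Flag a bucket whose value falls outside mean +/- k*stdev of all earlier buckets: a band
    learned from prior data, the idea behind CloudWatch anomaly detection. The plain
    standard-deviation band is this example's assumption; a bucket needs two prior points."""
    flagged, keys, values = [], list(series), list(series.values())
    for i in range(2, len(values)):
        mean, dev = statistics.mean(values[:i]), statistics.pstdev(values[:i])
        low, high = mean - k * dev, mean + k * dev
        if not low <= values[i] <= high:
            flagged.append((keys[i], values[i], (low, high)))
    return flagged
```

Running `anomalous_buckets(count_per_minute("ERROR -DEBUG", SAMPLE_LOGS))` flags only the 10:04 bucket (6 errors against a band of 0.5 to 2.5 learned from the four earlier minutes); the DEBUG line at 10:02 is excluded by the `-DEBUG` term.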

Things I would like to know more about.

  • I would like to know if, in cases where hacks were attempted on a VPC, CloudWatch would have to be configured in a specific or governance-mandated way to catch the hackers. How is this implemented?