
ChaosSearch Blog

Simplifying Log Management Tools Implementation

Adding and configuring new log management tools can be cumbersome and time-consuming, especially when the product requires additional steps that you may not be expecting. At CHAOSSEARCH, we believe in simplicity. Our goal is to provide you with a high-performance, low-cost log management platform with streamlined configuration.

Infrastructure as code is nothing new to most engineers in the cloud space. So, when technical operators try new services, they want the integration to be easy. What they don’t want is to log into multiple services/tools to configure what should be a simple setup. And they certainly don’t want to read lengthy documentation to ensure account setup is properly configured. It’s time-consuming and highly error-prone.

Getting new technology off the ground is hard — it becomes even harder when relying on third-party tools to behave as they previously have in prior deployments. To remove the setup friction, users now have access to CHAOSSEARCH supported automation templates to integrate AWS S3 buckets with the platform without having to scour through pages of documentation to ensure each step is accurate. The new CHAOSSEARCH templates were developed using AWS CloudFormation and are available on our documentation page for use as is or to customize for your unique needs.

The CloudFormation stacks that are available will automatically build the resources that CHAOSSEARCH requires to start working with your log data stored in S3. The simplest stack provisions a new IAM Role & Policy and grants access to a specific S3 bucket of your choosing. For a more robust deployment, we created a stack that builds the same foundation (IAM Role & Policy with S3 access) but also sets up a logging process that is repeatable and scalable. The additional resources in this stack are an AWS SQS queue with an increased VisibilityTimeout of 5 minutes and s3:ObjectCreated:* event notifications on the bucket, which are sent to the SQS queue so that new objects are picked up for indexing in CHAOSSEARCH. We decided to skip Lambda functions and SNS topics because they are not required: S3 can deliver event notifications directly to SQS.
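The following is an added illustrative template for the pattern described above (S3 bucket, SQS queue with a 5-minute VisibilityTimeout, s3:ObjectCreated:* notifications, and a read-only IAM role). It is not the vendor's published template; the trusted account id and external id parameters are placeholders you would fill in, and the `sts:ExternalId` condition and the `aws:SourceArn`/`aws:SourceAccount` conditions on the queue policy are added least-privilege hardening, not something the post specifies.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  BucketName: { Type: String }                 # new log bucket to create
  TrustedAccountId: { Type: String }           # placeholder: AWS account allowed to assume the role
  ExternalId: { Type: String, NoEcho: true }   # placeholder: confused-deputy protection for cross-account access
Resources:
  IndexQueue:
    Type: AWS::SQS::Queue
    Properties: { VisibilityTimeout: 300 }     # 5 minutes, as described in the post
  IndexQueuePolicy:
    Type: AWS::SQS::QueuePolicy
    Properties:
      Queues: [!Ref IndexQueue]                # !Ref on an SQS queue yields its URL
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal: { Service: s3.amazonaws.com }
            Action: sqs:SendMessage
            Resource: !GetAtt IndexQueue.Arn
            # Only this account's bucket may publish; the ARN is built from the parameter to avoid a circular reference
            Condition: { ArnLike: { aws:SourceArn: !Sub 'arn:aws:s3:::${BucketName}' }, StringEquals: { aws:SourceAccount: !Ref AWS::AccountId } }
  LogBucket:
    Type: AWS::S3::Bucket
    DependsOn: IndexQueuePolicy                # S3 validates it can publish to the queue at create time
    Properties:
      BucketName: !Ref BucketName
      NotificationConfiguration:
        QueueConfigurations:
          - Event: 's3:ObjectCreated:*'
            Queue: !GetAtt IndexQueue.Arn
  ReadRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Principal: { AWS: !Sub 'arn:aws:iam::${TrustedAccountId}:root' }
            Action: sts:AssumeRole
            Condition: { StringEquals: { sts:ExternalId: !Ref ExternalId } }
      Policies:
        - PolicyName: ReadLogsAndConsumeQueue  # read-only on the bucket, consume-only on the queue
          PolicyDocument:
            Statement:
              - Effect: Allow
                Action: [s3:GetObject, s3:ListBucket]
                Resource: [!GetAtt LogBucket.Arn, !Sub '${LogBucket.Arn}/*']
              - Effect: Allow
                Action: [sqs:ReceiveMessage, sqs:DeleteMessage, sqs:GetQueueAttributes]
                Resource: !GetAtt IndexQueue.Arn
```

Because CloudFormation can only attach a NotificationConfiguration to a bucket it creates, an existing bucket would need its notification added outside this stack.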

Below is the CloudFormation template for your use. Check it out and be up and running with one click within minutes of starting a trial with CHAOSSEARCH. Let us know how it works for you. The code is available on our Github.

About the Author, Kevin Davis

Kevin Davis was a senior director of Sales Engineering at ChaosSearch, where he helped customers activate their data lakes for search and analytics of log data. To see what Kevin’s up to now, connect with him on LinkedIn.