From the course: AWS Certified Security - Specialty (SCS-C02) Cert Prep: 1 Threat Detection and Incident Response


Querying logs to validate security events

One of the important things to do with security events is to dig in deeper, to determine whether what is happening is a legitimate incident that needs to be investigated. So one of the ways to do this is to make log querying a vital process in your security operations. This allows you to confirm whether a suspicious activity is actually taking place, and you can also take action as a result. Places where you would log things include EC2 instances, S3 buckets, and VPC flow logs, and you can use services like CloudTrail or CloudWatch Logs. Next, you'd want to bring those sources together into a centralized logging system. This could be S3, for example, and this centralization simplifies management and enhances security by making sure your logs are not tampered with. Now, once you've done that, to query the logs you could use a service like Athena, which is a great way to query them using SQL. You also could do data…
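As an added example that is not part of the course, here is what the "centralize in S3, then query with Athena" step looks like in practice: an Athena table over CloudTrail logs delivered to S3, followed by two validation queries that check whether a failed-sign-in alert or an unauthorized-API-call alert is real or just noise. The bucket name, account ID and table name are placeholders, and the column list is a trimmed subset of the CloudTrail SerDe schema.

```sql
-- Added example (not course material): Athena over CloudTrail logs stored in S3.
-- Placeholders: EXAMPLE-LOG-BUCKET, account 111122223333, table cloudtrail_logs.
-- Trimmed schema: the CloudTrail SerDe maps columns by name, so omitted fields are just not exposed.
CREATE EXTERNAL TABLE IF NOT EXISTS cloudtrail_logs (
  useridentity STRUCT<
    type: STRING,
    principalid: STRING,
    arn: STRING,
    accountid: STRING,
    accesskeyid: STRING,
    username: STRING>,
  eventtime STRING,
  eventsource STRING,
  eventname STRING,
  awsregion STRING,
  sourceipaddress STRING,
  errorcode STRING,
  errormessage STRING,
  responseelements STRING,
  recipientaccountid STRING
)
ROW FORMAT SERDE 'com.amazon.emr.hive.serde.CloudTrailSerde'
STORED AS INPUTFORMAT 'com.amazon.emr.cloudtrail.CloudTrailInputFormat'
OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat'
LOCATION 's3://EXAMPLE-LOG-BUCKET/AWSLogs/111122223333/CloudTrail/';

-- Validate a failed-sign-in alert: failed console logins per source IP in the last 24 hours.
-- A few failures from one known address is noise; many failures from one address spread
-- across several distinct users is worth escalating.
SELECT sourceipaddress,
       COUNT(*) AS failures,
       COUNT(DISTINCT useridentity.username) AS distinct_users,
       MIN(eventtime) AS first_seen,
       MAX(eventtime) AS last_seen
FROM cloudtrail_logs
WHERE eventname = 'ConsoleLogin'
  AND responseelements LIKE '%"ConsoleLogin":"Failure"%'
  AND from_iso8601_timestamp(eventtime) > current_timestamp - INTERVAL '1' DAY
GROUP BY sourceipaddress
ORDER BY failures DESC
LIMIT 20;

-- Validate an unauthorized-API-call alert: which principal is being denied which action.
SELECT useridentity.arn, eventsource, eventname, COUNT(*) AS denials
FROM cloudtrail_logs
WHERE errorcode IN ('AccessDenied', 'Client.UnauthorizedOperation')
GROUP BY useridentity.arn, eventsource, eventname
ORDER BY denials DESC
LIMIT 20;
```

Partitioning the table by region and date (or using partition projection) keeps these queries cheap as the central bucket grows.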
