Report Overview:
This document describes how to verify that each monitored log source is still being collected. The collection status report is generated daily at around 11:50 PM SGT and has four columns: Serial number, Log source, Collection Status, and Comment. A log source shown in green with status "OK" was received successfully; a log source shown in red with status "No Data Found !" has missing logs for that day and must be followed up.
Log sources which can be checked in S3 are :
Log sources which are in CTA AWS account 659771031586 with their path to check :
CheckPoint VPN Logs : s3://bladerunner-onprem-application-logs/bladerunner-vpn-logs/$year/$month/$day/
BeyondTrust PAM Logs : s3://bladerunner-onprem-application-logs/bladerunner-pam-logs/$year/$month/$day/
ICBS Application Logs : s3://bladerunner-onprem-sftp-collections/p_mft_sftp/bladerunner-invicta-sftp-icbs/ICBS-CSP-$year$month$day.tar.gz.pgp
SCU Application Logs : s3://bladerunner-onprem-sftp-collections/p_mft_sftp/bladerunner-invicta-sftp-ist/SCU_TXNSHCLOG_$year$month_ist_crs$yesterday_crs.TSV.GPG
Cadencie Application Logs : s3://bladerunner-onprem-sftp-collections/p_mft_sftp/bladerunner-invicta-sftp-cadencie/application-data/$year/$month/$day/
IST Node1 Application Logs : s3://bladerunner-onprem-sftp-collections/p_mft_sftp/bladerunner-invicta-sftp-ist-switch/node1/$year/$month/$day
IST Node2 Application Logs : s3://bladerunner-onprem-sftp-collections/p_mft_sftp/bladerunner-invicta-sftp-ist-switch/node2/$year/$month/$day
BDO-BOB Application Logs : s3://bladerunner-onprem-application-logs/BDO-BOB/$year/$month/$day
BDO-POB Application Logs : s3://bladerunner-onprem-application-logs/BDO-POB/$year/$month/$day/
CRS Application Logs : s3://bladerunner-onprem-application-logs/CRS/PROD/$year/$month/$day/
ONB-POB Application Logs : s3://bladerunner-onprem-application-logs/ONB-POB/$year/$month/$day/
Crowdstrike FDR Telemetry - ON-Prem : s3://bladerunner-device-fdr/logs/$year/$month/$day/
Crowdstrike FDR Telemetry - Cloud : s3://bladerunner-device-fdr/cloud-instances-telemetry/$year/$month/$day/
Akamai Web Application Logs : s3://bladerunner-application-akamai/raw-logs/$year/$month/$day/
Azure Cloud Logs : s3://bladerunner-network-azure/$year/$month/$day/
Office365 ( M365 ) Cloud Logs : s3://bladerunner-app-office365/$year/$month/$day/
Apigee Edge Application Logs : s3://bladerunner-application-data/apigee-edge/prod/$year/$month/$day/
AWS Cloud Logs : s3://bladerunner-network-aws/bladerunner-network-aws/$year/$month/$day/
Log sources which are in Dama AWS account 224659033380 with their path to check :
NDB Application Logs : s3://sftp-storage-hm/bladerunner-pay-app/extracted/$year/$month/$day/
(Updated)
Log sources which need to be checked in Elasticsearch are :
Log sources with their index to check :
Active Directory Windows Logs : bladerunner-windows*
CIAM Application Logs : bladerunner-database*
T4S Instance application logs : bladerunner-database*
Log sources which are in
Log Source Collection Verification Instructions:
For log sources in AWS S3 buckets:
Step 1: Access the S3 bucket
Log in to the AWS Management Console using your credentials.
Navigate to the S3 service dashboard.
Select the bucket in which the logs for the source are expected to be stored (the bucket name is the first component of the s3:// path listed above).
Step 2: Verify log source collection
Go to the path listed for the source and confirm that log files exist for the day being verified. Substitute the placeholders in the path as follows:
$year - the year for which the logs are being checked
$month - the month for which the logs are being checked
$day - the day for which the logs are being checked
Most paths are day-level folders; ICBS and SCU point at a single daily archive file, so for those check that the named file itself is present. An empty day folder (or a folder that contains only a zero-byte placeholder object) does not count as successful collection: at least one non-empty log object must be present for the day.
For log sources in Elasticsearch:
Step 1: Log in to Kibana
Access the Kibana interface.
Step 2: Select the index
Choose the index pattern corresponding to the log source and confirm that documents from the past few hours are present. An index pattern that matches but whose newest document is older than that still counts as missing data, since the index may simply be retaining older events.
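The two procedures above are manual. The following is an added example (not part of the original runbook or any Bladerunner/HM tooling) that automates the same check for one report date: it expands each source's path template, asks S3 or Elasticsearch whether data arrived, and produces the report rows with the Green/OK and RED/No Data Found statuses plus the list of sources to escalate. Assumptions not stated on the page: month and day are zero-padded, $yesterday is the day-of-month of the previous day, Elasticsearch documents carry an @timestamp field, "the past few hours" is 6 hours, and only a subset of the sources is included. The S3 listing and document counts used when run offline are constructed data; the boto3 and elasticsearch-py adapters at the end are the real-world replacements.

```python
"""Automated daily log-source collection check (added example, see lead-in)."""
import re
from datetime import date, timedelta

# Templates copied from the runbook (subset). Zero-padded month/day and
# "$yesterday = day-of-month of the previous day" are assumptions.
S3_SOURCES = {
    "CheckPoint VPN Logs": "s3://bladerunner-onprem-application-logs/bladerunner-vpn-logs/$year/$month/$day/",
    "SCU Application Logs": "s3://bladerunner-onprem-sftp-collections/p_mft_sftp/"
                            "bladerunner-invicta-sftp-ist/SCU_TXNSHCLOG_$year$month_ist_crs$yesterday_crs.TSV.GPG",
    "Crowdstrike FDR Telemetry - ON-Prem": "s3://bladerunner-device-fdr/logs/$year/$month/$day/",
}
ES_SOURCES = {
    "Active Directory Windows Logs": "bladerunner-windows*",
    "CIAM Application Logs": "bladerunner-database*",
}
# Token match stops at the name, so "$month_ist" expands to "<month>_ist".
_TOKEN = re.compile(r"\$(year|month|day|yesterday)")


def expand_path(template: str, day: date) -> str:
    """Substitute $year/$month/$day/$yesterday for the report date."""
    values = {"year": f"{day.year:04d}", "month": f"{day.month:02d}", "day": f"{day.day:02d}",
              "yesterday": f"{(day - timedelta(days=1)).day:02d}"}
    return _TOKEN.sub(lambda m: values[m.group(1)], template)


def s3_has_data(uri: str, list_keys) -> bool:
    """True if at least one real object sits under the expanded path.
    list_keys(bucket, prefix) -> iterable of keys. A 'folder' marker (key ending
    in '/') is not evidence that logs arrived, so it is ignored."""
    bucket, _, prefix = uri[len("s3://"):].partition("/")
    return any(not key.endswith("/") for key in list_keys(bucket, prefix))


def recent_docs_query(hours: int) -> dict:
    """Range query on @timestamp (assumed field name) for the last N hours."""
    return {"query": {"range": {"@timestamp": {"gte": f"now-{hours}h"}}}}


def es_has_data(index: str, count_docs, hours: int = 6) -> bool:
    """count_docs(index, query_body) -> int. An index that exists but has no
    documents newer than `hours` still counts as missing data."""
    return count_docs(index, recent_docs_query(hours)) > 0


def _row(serial: int, name: str, ok: bool, comment: str) -> dict:
    return {"serial": serial, "log_source": name,
            "collection_status": "OK" if ok else "No Data Found !",
            "colour": "Green" if ok else "RED", "comment": comment}


def build_report(day: date, list_keys, count_docs, hours: int = 6) -> list:
    """The four report columns (plus colour) for every configured source."""
    rows = []
    for name, template in S3_SOURCES.items():
        path = expand_path(template, day)
        rows.append(_row(len(rows) + 1, name, s3_has_data(path, list_keys), f"checked {path}"))
    for name, index in ES_SOURCES.items():
        ok = es_has_data(index, count_docs, hours)
        rows.append(_row(len(rows) + 1, name, ok, f"checked {index}, last {hours}h"))
    return rows


def missing_sources(rows) -> list:
    """Sources to escalate under the Notification Procedure."""
    return [r["log_source"] for r in rows if r["collection_status"] != "OK"]


# --- constructed offline data (not real bucket contents or index counts) -----
REPORT_DATE = date(2024, 3, 1)
CONSTRUCTED_LISTING = {
    ("bladerunner-onprem-application-logs", "bladerunner-vpn-logs/2024/03/01/"):
        ["bladerunner-vpn-logs/2024/03/01/", "bladerunner-vpn-logs/2024/03/01/vpn-0000.log.gz"],
    ("bladerunner-device-fdr", "logs/2024/03/01/"): ["logs/2024/03/01/"],  # marker only
}


def constructed_list_keys(bucket: str, prefix: str) -> list:
    return CONSTRUCTED_LISTING.get((bucket, prefix), [])


def constructed_count_docs(index: str, query: dict) -> int:
    return 120 if index.startswith("bladerunner-windows") else 0


# --- real adapters (assume boto3 and elasticsearch-py 8.x are installed) -----
def boto3_list_keys(bucket: str, prefix: str) -> list:
    import boto3
    pages = boto3.client("s3").get_paginator("list_objects_v2").paginate(Bucket=bucket, Prefix=prefix)
    return [obj["Key"] for page in pages for obj in page.get("Contents", [])]


def es_count_docs(index: str, query: dict, url: str = "http://localhost:9200") -> int:
    from elasticsearch import Elasticsearch
    return Elasticsearch(url).count(index=index, query=query["query"])["count"]


if __name__ == "__main__":
    for row in build_report(REPORT_DATE, constructed_list_keys, constructed_count_docs):
        print(row)
```

Run with `python check_sources.py` to see the rows for the constructed data; swap `constructed_list_keys` and `constructed_count_docs` for `boto3_list_keys` and `es_count_docs` to run it against the real accounts. The two deliberate negatives in the constructed data are the ones a manual check most often gets wrong: a day folder that exists but holds only a placeholder object, and a daily archive whose file name is built from $yesterday rather than $day.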
Notification Procedure:
If logs are not found for any of the listed sources, notify Alex from Bladerunner and Etienne, David, Kristan and Akhtar from HM for further investigation. Include the log source name, the date checked and the exact path or index that was empty, so the receiving team can start from the same evidence.
This document provides a comprehensive guide for verifying log source collection in both AWS S3 buckets and Elasticsearch. If you require further assistance or encounter any issues, please reach out for support.