
A company operates a web application on an Apache web server hosted on Amazon EC2 instances within an Auto Scaling group. These EC2 instances are configured to forward Apache web server logs to an Amazon CloudWatch Logs group, which is set to automatically expire after one year. Recently, the company identified suspicious activities in the logs, specifically a series of requests from a particular IP address. A security engineer has been tasked with analyzing the logs from the past week to ascertain the volume of requests from this IP address and to identify the URLs that were accessed. What is the most efficient method for the security engineer to conduct this analysis?
A. Export the CloudWatch Logs group data to Amazon S3. Use Amazon Macie to query the logs for the specific IP address and the requested URL.
B. Configure a CloudWatch Logs subscription to stream the log group to an Amazon OpenSearch Service cluster. Use OpenSearch Service to analyze the logs for the specific IP address and the requested URLs.
C. Use CloudWatch Logs Insights and a custom query syntax to analyze the CloudWatch logs for the specific IP address and the requested URLs.
D. Export the CloudWatch Logs group data to Amazon S3. Use AWS Glue to crawl the S3 bucket for only the log entries that contain the specific IP address. Use AWS Glue to view the results.