Learn how Trend Vision One™ ingests AWS VPC Flow Logs to detect threats and attacks, provide response actions, and generate a visual representation of the logs.
When connecting or updating an AWS account in Cloud Accounts, you can enable the Cloud
Detections for AWS VPC Flow Logs feature to gain insight into your VPC traffic, with
detection models to identify and provide alerts on malicious IP traffic, SSH brute
force attacks, data exfiltration, and more.
Trend Vision One™ ingests AWS VPC Flow Logs and analyzes them for suspicious or malicious traffic activity.
You can view the results in the following
Trend Vision One™ apps:
-
: The Workbench app provides insight into high-priority correlated alerts, which you can investigate to understand the scope of the issue, get a list of highlighted events, and view and act upon each alert.
Tip
To view a list of Workbench insights for AWS VPC Flow Logs, use the Data source/processor filter to display all Cloud Detections for AWS VPC Flow Logs insights.For more information, see Workbench. -
: View AWS VPC Flow Log events detected in your AWS environment and drill down into an event to view details.
Tip
To view a list of events generated by AWS VPC Flow Logs, use the Data source/processor filter to display all Cloud Detections for AWS VPC Flow Logs events.For more information, see Observed Attack Techniques. -
: Use search queries to view AWS VPC Flow Logs.
To set up Cloud Detections for AWS VPC Flow Logs, do the following:
-
Estimate your XDR for Cloud credit usage and allocate credits by clicking XDR Credit Usage in .
-
Enable Cloud Detections for AWS VPC Flow Logs when connecting or updating an AWS account.