Hello Cloud Geeks,
In my organization, we are building IR procedures for responding to cloud incidents originating from the AWS EC2 compute service. We want to collect adequate telemetry from EC2 hosts running application workloads. The EC2 instances will be predominantly running Linux AMIs.
If any one of you has worked on collecting EC2 telemetry for incident response purposes, please suggest what logs were collected and the logging and telemetry forwarding mechanism used to send the logs to a data lake or SIEM.
Thanks in advance.
------------------------------
Harish Haridasan
Security Product Manager
Booking.com
------------------------------