Hacker News
by
nonane
1484 days ago
> A better way to handle it (imo) is to just enable VPC flow logging and pull the cloudwatch stream into your SIEM
Thank you. Any recommendations for SIEM for a small company?
2 comments
Forbo
1484 days ago
I'd say just spin up a SecurityOnion stack. It's essentially a "SOC-in-a-box". I had a proof of concept machine spun up and generating alerts off of replayed PCAPs in a day.
spydum
1484 days ago
Check out managed instances like Azure Sentinel.