Log files are piling up in the cloud in a dizzying variety of formats and originating from everything from mobile apps to SaaS services. Sensitive data is creeping into our log files, creating security incidents and compliance violations. How do you find and eliminate toxic data in logs before it becomes an incident?
Although even a small change can cause sensitive data to leak into logs at any time, there are moments when taking a closer look is imperative. For example, are you about to roll out a new application or an overhauled service? Are you newly hired and need to get a sense of your risk posture? Has there been a recent security incident and you want to make certain you’re in the clear? All of these (and more) are good reasons to analyze your logs for toxic data.
While logs can reside in many locations, S3 is a great starting point for analysis as it is the storage service of choice for unstructured and semi-structured data at AWS. Open Raven will automatically discover your S3 buckets for any account or organization you have configured.
From there, creating a log analysis is straightforward. You can select some or all of your available buckets, select some or all file types, and configure a scan optimized for completeness or for a partial sampling of the files within.
The final step is to select the type of data to look for: are you primarily concerned about finding developer credentials? Regulated personal data? Patient health information? Select all or some of the available classes, or create your own if you have a special case.
At the scan’s completion, it will have automatically identified all relevant log files by type and examined them for instances of the data classes you selected. Fixing any discovered problem is a click away, as the results are deep-linked to the AWS Console itself for fast remediation.
Metadata associated with the file can help you identify the offending application, allowing you to stop the leak at the source.
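To make the scan described above concrete, here is an added example (not Open Raven’s code, and not its detection logic) that shows the general shape of such a scanner in Python: it filters objects by file type, optionally samples them deterministically, matches each line against a set of data classes, records the bucket, key and line number of every hit with the value redacted, and builds a console deep link for remediation. The data class names, the patterns, the `LOG_EXTENSIONS` list, the console URL format and the `SAMPLE_OBJECTS` inputs are all assumptions constructed for this example; in a real deployment the object list and contents would come from S3 rather than an inline list.

```python
import hashlib
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Sequence, Tuple

# Illustrative data classes (assumed names and patterns, not a production classifier).
DATA_CLASSES: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "email_address": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
}

# File types treated as logs (assumed; compressed logs would need decompression first).
LOG_EXTENSIONS = (".log", ".txt", ".json")


@dataclass(frozen=True)
class Finding:
    bucket: str
    key: str
    line_no: int
    data_class: str
    redacted: str      # masked value so the report itself does not leak the secret
    console_url: str   # where to go to fix it


def console_deeplink(bucket: str, key: str, region: str) -> str:
    # URL shape assumed from the S3 console's object view; verify for your partition.
    return f"https://s3.console.aws.amazon.com/s3/object/{bucket}?region={region}&prefix={key}"


def redact(value: str) -> str:
    """Keep a short prefix for triage, mask the rest."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "*" * len(value)


def selected_for_sample(key: str, sample_rate: float) -> bool:
    """Deterministic sampling: hash the key so repeated runs pick the same files."""
    if sample_rate >= 1.0:
        return True
    fraction = int(hashlib.sha256(key.encode()).hexdigest()[:8], 16) / 0xFFFFFFFF
    return fraction < sample_rate


def scan_object(bucket: str, key: str, text: str,
                classes: Sequence[str], region: str) -> List[Finding]:
    """Match every line of one object against the selected data classes."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for cls in classes:
            for match in DATA_CLASSES[cls].finditer(line):
                findings.append(Finding(bucket, key, line_no, cls,
                                        redact(match.group(0)),
                                        console_deeplink(bucket, key, region)))
    return findings


def scan_logs(objects: Iterable[Tuple[str, str, str]], classes: Sequence[str],
              sample_rate: float = 1.0, region: str = "us-east-1") -> List[Finding]:
    """objects: (bucket, key, contents). sample_rate=1.0 scans for completeness."""
    findings: List[Finding] = []
    for bucket, key, text in objects:
        if not key.endswith(LOG_EXTENSIONS):
            continue  # not a log file type
        if not selected_for_sample(key, sample_rate):
            continue  # left out of the sample
        findings.extend(scan_object(bucket, key, text, classes, region))
    return findings


def findings_by_source(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count hits per object key: the key prefix usually points at the emitting app."""
    return dict(Counter(f.key for f in findings))


# Constructed sample objects; AKIAIOSFODNN7EXAMPLE is AWS's documented example key.
SAMPLE_OBJECTS = [
    ("app-logs-prod", "api/2024/app.log",
     "INFO request from user=jane.doe@example.com\n"
     "DEBUG auth header: Bearer eyJhbGciOiJIUzI1NiJ9.abcdefghijklmnopqrstuvwxyz\n"
     "INFO ok"),
    ("app-logs-prod", "billing/export.txt", "customer ssn=123-45-6789 plan=gold"),
    ("app-logs-prod", "images/logo.png", "AKIAIOSFODNN7EXAMPLE"),  # skipped: not a log
    ("app-logs-prod", "ci/build.log", "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"),
]

if __name__ == "__main__":
    for f in scan_logs(SAMPLE_OBJECTS, list(DATA_CLASSES)):
        print(f"{f.data_class:18} {f.key}:{f.line_no} {f.redacted} -> {f.console_url}")
    print(findings_by_source(scan_logs(SAMPLE_OBJECTS, list(DATA_CLASSES))))
```

Running the block reports four findings (an e-mail address and a bearer token in the API log, an SSN in the billing export, an access key ID in the CI log) and skips the PNG, which is the point of scoping a scan by file type. Sampling by hashed key is what makes a partial scan reproducible; a random sample would give a different picture on every run.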
Automating the detection of, and response to, future sensitive data exposure in logs is simple. Create a schedule inside Open Raven for the area to be monitored, the desired policy, and the frequency to check for problems, and you’re good to go.
Open Raven fits your existing response workflow through built-in integrations for Slack, GSuite, PagerDuty and more. Need a custom integration to make things work perfectly? Our firehose API and webhook features ensure we fit the way you already get things done.