TLS1.0/1.1 - how to find the requests


Afternoon all, I received an email saying I had connections with a few S3 buckets, so I know the 3; however, I can't understand how to get more data. The 3 buckets all have logging on, so I have an S3 bucket with the logs, but the 2 ways they say are:

  1. Log Insights. - For this it appears I need to have the actual logs go to CloudWatch Logs, as I don't see a way of selecting the S3 admin that has the logs.

  2. CloudTrail / Lake. This looks even easier, the doc here - I thought was the answer, but I am stuck and it may be just the data store part. There is just that 1 line, create a data store, but I did create one; I believe the 'events' should be CloudTrail and not configuration items. Then for data events I have tried S3, S3 access points (as I am sure it's one of those), and when I copy the sample query for TLS calls I get an invalid query. I even tried other sample ones and all do the same thing, immediate red x.

The sample query is here:

SELECT eventSource, COUNT(*) AS numOutdatedTlsCalls FROM $EDS_ID WHERE tlsDetails.tlsVersion IN ('TLSv1', 'TLSv1.1') AND eventTime > '2023-01-17 00:00:00' GROUP BY eventSource ORDER BY numOutdatedTlsCalls DESC

So any help on the best way to get that info is appreciated.

asked a year ago, 485 views
1 Answer
Accepted Answer

Hey, lraymond@ can you confirm you're updating the $EDS_ID placeholder in your query with your event data store ID? i.e.

SELECT eventSource, COUNT(*) AS numOutdatedTlsCalls FROM '84d60cfd-1b4f-4e75-a235-example' WHERE tlsDetails.tlsVersion IN ('TLSv1', 'TLSv1.1') AND eventTime > '2023-01-17 00:00:00' GROUP BY eventSource ORDER BY numOutdatedTlsCalls DESC
answered a year ago
  • :facepalm: - I was clearly overlooking that one! I thought that was more an environment variable as the left side has the event data store drop down, but now realize what/why!

    I appreciate the read and such a quick reply, saved me a lot of time on this one!

  • You're welcome!
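
As an added example (not part of the original thread or of AWS's documentation): the same filter as the sample query, applied offline to CloudTrail JSON records, and going one step beyond it by grouping on bucket, principal, source IP and TLS version so the outdated callers can be identified. It assumes the records were already loaded from CloudTrail log files; the sample events, bucket names, ARNs and IPs are constructed placeholders.

```python
from collections import Counter
from datetime import datetime

OUTDATED = {"TLSv1", "TLSv1.1"}
FMT = "%Y-%m-%dT%H:%M:%SZ"  # eventTime format in CloudTrail JSON records

def sample_event(time, name, bucket, arn, ip, tls):
    """Build one constructed CloudTrail-style S3 data event (sample data only)."""
    event = {"eventTime": time, "eventSource": "s3.amazonaws.com", "eventName": name,
             "userIdentity": {"arn": arn}, "sourceIPAddress": ip,
             "requestParameters": {"bucketName": bucket}}
    if tls:  # not every record carries tlsDetails
        event["tlsDetails"] = {"tlsVersion": tls}
    return event

# Constructed records: bucket names, ARNs and IPs are placeholders, not real data.
LEGACY = "arn:aws:iam::111122223333:user/legacy-app"
BATCH = "arn:aws:iam::111122223333:user/batch-job"
SAMPLE = [
    sample_event("2023-01-20T10:15:00Z", "GetObject", "example-bucket-a", LEGACY, "198.51.100.7", "TLSv1"),
    sample_event("2023-01-21T08:02:11Z", "GetObject", "example-bucket-a", LEGACY, "198.51.100.7", "TLSv1"),
    sample_event("2023-01-22T23:40:05Z", "PutObject", "example-bucket-b", BATCH, "203.0.113.9", "TLSv1.1"),
    sample_event("2023-01-22T23:41:00Z", "GetObject", "example-bucket-b", BATCH, "203.0.113.9", "TLSv1.2"),
    sample_event("2023-01-10T12:00:00Z", "GetObject", "example-bucket-c", LEGACY, "198.51.100.7", "TLSv1"),
    sample_event("2023-01-23T09:00:00Z", "GetObject", "example-bucket-c", BATCH, "203.0.113.9", None),
]

def outdated_calls(records, since):
    """Records that used TLS 1.0/1.1 after `since`: the query's WHERE clause."""
    cutoff = datetime.strptime(since, FMT)
    return [r for r in records
            if (r.get("tlsDetails") or {}).get("tlsVersion") in OUTDATED
            and datetime.strptime(r["eventTime"], FMT) > cutoff]

def by_event_source(records, since):
    """The query's GROUP BY eventSource ... ORDER BY count DESC."""
    return Counter(r["eventSource"] for r in outdated_calls(records, since)).most_common()

def by_caller(records, since):
    """Finer grouping: (bucket, principal ARN, source IP, TLS version) -> count."""
    return Counter(
        ((r.get("requestParameters") or {}).get("bucketName"), r["userIdentity"].get("arn"),
         r["sourceIPAddress"], r["tlsDetails"]["tlsVersion"])
        for r in outdated_calls(records, since)).most_common()

if __name__ == "__main__":
    for key, count in by_caller(SAMPLE, "2023-01-17T00:00:00Z"):
        print(count, *key)
```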
