Filtering and getting alerts for traffic which is not from specific CIDRs in OpenSearch

Hi all, we have a use case: we have allowed one CIDR (10.0.0.0/8) in the NACL of our NLB subnet. We are sending the VPC flow logs for the NLB subnet ENI to CloudWatch and from there, using a subscription filter, we are forwarding them to OpenSearch. I am able to see the flow logs in Discover. Now there is a requirement: whenever traffic from anywhere except the 10.0.1.0/24 and 10.0.2.0/24 CIDRs tries to visit my NLB, I should get an alert from OpenSearch, and I should also be able to create a dashboard with the IPs which are not from these CIDRs (10.0.1.0/24 and 10.0.2.0/24).

Can anyone please help with how I can achieve this in OpenSearch, to get an alert when this kind of traffic is hitting my NLB?
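
One way to express the check the question asks for, as an added example that is not part of the original post: it flags inbound flows whose source lies outside the two /24 ranges, first over constructed sample records and then as an OpenSearch query body usable for a monitor or a dashboard aggregation. Assumptions: the default version 2 flow log format, index fields named `srcaddr` and `dstaddr` mapped as type `ip`, an `@timestamp` field, and 10.0.9.10 as a stand-in NLB ENI address.

```python
import ipaddress
from collections import Counter

# Expected client ranges named in the question.
ALLOWED = [ipaddress.ip_network(c) for c in ("10.0.1.0/24", "10.0.2.0/24")]
# Field order of the default (version 2) VPC flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def unexpected_sources(lines, nlb_ips):
    """Count (srcaddr, action) for inbound flows from outside ALLOWED."""
    hits = Counter()
    for line in lines:
        rec = dict(zip(FIELDS, line.split()))
        # Keep inbound flows only; replies from the NLB ENI have it as srcaddr.
        if len(rec) != len(FIELDS) or rec["dstaddr"] not in nlb_ips:
            continue
        try:
            src = ipaddress.ip_address(rec["srcaddr"])
        except ValueError:  # NODATA/SKIPDATA records carry "-" here
            continue
        if not any(src in net for net in ALLOWED):
            hits[(str(src), rec["action"])] += 1
    return hits

def monitor_query(nlb_ips, src_field="srcaddr", dst_field="dstaddr", window="now-5m"):
    """Query body for a monitor or dashboard panel (assumes `ip`-typed fields)."""
    return {
        "size": 0,
        "query": {"bool": {
            "filter": [{"range": {"@timestamp": {"gte": window}}},
                       {"terms": {dst_field: sorted(nlb_ips)}}],
            # A term query on an `ip` field accepts CIDR notation.
            "must_not": [{"term": {src_field: str(n)}} for n in ALLOWED],
        }},
        "aggs": {"offenders": {"terms": {"field": src_field, "size": 50}}},
    }

# Constructed sample records (not real traffic); 10.0.9.10 plays the NLB ENI.
SAMPLE = [
    "2 111122223333 eni-0example 10.0.1.25 10.0.9.10 41000 443 6 10 840 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0example 10.0.7.40 10.0.9.10 41001 443 6 8 640 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0example 203.0.113.9 10.0.9.10 41002 443 6 1 40 1700000000 1700000060 REJECT OK",
    "2 111122223333 eni-0example 10.0.9.10 10.0.7.40 443 41001 6 8 900 1700000000 1700000060 ACCEPT OK",
    "2 111122223333 eni-0example - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    print(unexpected_sources(SAMPLE, {"10.0.9.10"}), monitor_query({"10.0.9.10"}), sep="\n")
```

Sources outside 10.0.0.0/8 show up with action REJECT because the NACL drops them, while sources inside 10.0.0.0/8 but outside the two /24 ranges show up as ACCEPT, so the `action` field separates blocked attempts from traffic that actually reached the NLB.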

No Answers
