Continuously audit and monitor AWS CloudWatch log group configurations and enforce security compliance as code with Panther.
CloudWatch Logs enables teams to centralize logs from systems, applications, and AWS services. Use Panther to track real-time changes to your CloudWatch logs to ensure configurations meet your business requirements for security and compliance.
Monitoring CloudWatch is critical for understanding the history of log changes and detecting suspicious activity. Use Panther's built-in policies for continuous security monitoring of CloudWatch, or write your own detections in Python to fit your internal business use cases.
Common security use cases for CloudWatch with Panther include:
- Encrypt logs with a CMK to protect sensitive data
- Adjust the retention policy for each log group
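The two use cases above can be expressed as one Python check. This is an added example, not Panther's own code: the `policy(resource)` shape, the field names `Name`, `KmsKeyId` and `RetentionInDays`, the sample log groups and the retention bounds are all assumptions to adapt to your schema and requirements.

```python
# Added example: field names and thresholds are assumptions, not a vendor schema.
MIN_RETENTION_DAYS = 90   # assumed minimum needed for investigations
MAX_RETENTION_DAYS = 731  # assumed maximum allowed by data-retention rules


def findings(resource):
    """Return the reasons a log group is non-compliant (empty list = pass)."""
    issues = []
    # Without an associated key the group is not protected by a CMK you control.
    if not resource.get("KmsKeyId"):
        issues.append("no customer managed KMS key (CMK) associated")
    retention = resource.get("RetentionInDays")
    if retention is None:
        # CloudWatch Logs keeps events indefinitely when no retention is set.
        issues.append("no retention policy: events never expire")
    elif retention < MIN_RETENTION_DAYS:
        issues.append(f"retention {retention}d is below {MIN_RETENTION_DAYS}d")
    elif retention > MAX_RETENTION_DAYS:
        issues.append(f"retention {retention}d is above {MAX_RETENTION_DAYS}d")
    return issues


def policy(resource):
    """True when the log group meets both requirements."""
    return not findings(resource)


# Constructed sample resources (placeholder account id and key id).
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_LOG_GROUPS = [
    {"Name": "/aws/lambda/billing", "KmsKeyId": KEY, "RetentionInDays": 365},
    {"Name": "/app/api", "KmsKeyId": None, "RetentionInDays": None},
    {"Name": "/app/debug", "KmsKeyId": KEY, "RetentionInDays": 7},
]


def audit(groups):
    """Map each failing log group name to its list of findings."""
    return {g["Name"]: findings(g) for g in groups if not policy(g)}


if __name__ == "__main__":
    for name, issues in audit(SAMPLE_LOG_GROUPS).items():
        print(f"{name}: {'; '.join(issues)}")
```
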
How it Works
The integration is simple and fast:
- Connect your AWS account to Panther
- A baseline scan is performed to identify all existing CloudWatch log groups in your account(s)
- Built-in detections identify security issues
- Alerts are sent if non-compliant CloudWatch log groups exist
Use Panther to search CloudWatch log groups in an account by name and view their compliance status, associated policies, and configured remediations.
CloudWatch Log Analysis
Panther can also collect, normalize, and analyze your CloudWatch events logs to detect suspicious activity in real time. Learn more about using Panther to analyze your AWS logs for security insights.