Wazuh AWS rules focus on providing the desired visibility within the Amazon Web Services platform.
The following sections describe some use cases for IAM, EC2, and VPC services. The structure followed in the document is always the same: You will see the definition of the rule that matches with the log message generated by the AWS event. In addition, for each of the examples, you will see an screenshot of the alerts in Kibana. Remember that an alert is triggered when the log message matches a specific rule if its level is high enough (alert threshold is configurable).
- S3 use cases
- IAM use cases
- EC2 use cases
- VPC Use cases