Georgios Kapoglis — Serverless Log Analysis On AWS — DEF CON 27 Blue Team Village

In this talk we will go over traditional log analysis methods for AWS Cloudtrail logs and why we needed to find a better way of performing such investigations. We will then dive into AWS Athena which is essentially a serverless hive on the cloud “too many buzzwords alert” and how we use it to perform log analysis on the cloud under a centralized, efficient and transparent framework. We will go over use cases and examples of investigations, showcase investigations and showcase how Athena helped us perform more efficiently than the traditional methods mentioned before. Additionally, we will mention use cases for other type of log analysis like apache access logs, ELB and ALB logs, etc. Lastly, we will demo AWS Athena and analyze over 50GB of logs in under 1 minute, all done on the cloud serverless without the need to spin up any instances or servers. In the end, we will describe the countless possibilities for future work which include, automation, threat hunting and continuous monitoring of your AWS environment.