AWS Shield Advanced introduces DDoS attack flow logs

AWS Shield Advanced announces distributed denial-of-service (DDoS) attack flow logs, giving you packet-level visibility into traffic hitting Shield Advanced-protected resources during a DDoS attack. The log data is published to Amazon S3, Amazon CloudWatch Logs, or Amazon Data Firehose for forensic analysis and compliance purposes.

The DDoS attack flow logs capture critical packet-level details, including source and destination IP addresses, ports, protocols, packet and byte counts, and source country information, among others. The log data is automatically published to your chosen destination at 5-minute intervals during active attacks. Once published, you can retrieve and analyze your flow log data using your preferred analytics tools, enabling post-incident investigation, threat intelligence gathering, and compliance reporting. To enable flow logs, you must protect the resources with Shield Advanced and configure log delivery based on your destination.

The feature is available in all regions where AWS Shield Advanced is available. To learn more about configuring and using DDoS attack flow logs, visit the AWS Shield Advanced documentation.

Source: Amazon Web Services


