Using AWS Flow Logs to Detect Network Intruders


How do you know whether there are people in your network who shouldn’t be?  The easiest way to find out is with AWS Flow Logs, an AWS feature that captures metadata about all IP traffic flowing through your AWS network.  It records IPs, ports, and protocols (no data payload), which lets you see what is legitimate traffic and what is not.

Unfortunately, Amazon doesn’t make it easy.  AWS gives you an API and a console to access this information.  With the console, you can only search through one network interface at a time, so if you are running multiple nodes you will have to look through each interface one by one.  Or you can use the API and write a program to sort through the data.


This is where can help you out.  We will pull the data nightly and create a dashboard for you to review. We parse the mountains of information into actionable data so you don’t have to.


We also provide value-added information by cross-referencing the IP list with malicious threat lists.  You can see at a glance whether your network is communicating with known bad IPs and what threat level these IPs pose to you.  For example, you most likely don’t want to leave port 3389 (Windows Remote Desktop Protocol) or port 3306 (MySQL) open to the internet.  The table below shows that these ports are being actively scanned by malicious sources.
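As an added illustration of the two points above (walking records from every interface at once, and cross-referencing accepted inbound flows on ports 3389 and 3306 against a threat list), the following Python is example code, not part of the service described here. It parses the default 14-field VPC Flow Log record layout; the interface IDs, addresses and threat entries are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Default VPC Flow Log record layout (version 2 fields, space-separated).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Ports the post calls out as ones you most likely don't want open to the internet.
WATCHED_PORTS = {3389: "RDP", 3306: "MySQL"}
# Explicit RFC 1918 ranges (ipaddress.is_private also matches documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_record(line):
    """Parse one flow log line into a dict; returns None for NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":      # NODATA/SKIPDATA rows carry '-' in the IP/port fields
        return None
    rec["dstport"] = int(rec["dstport"])
    return rec

def find_exposed_accepts(lines, threat_list):
    """Walk records from every interface at once and return ACCEPTed inbound
    flows to watched ports from non-RFC1918 sources, tagged with threat info."""
    findings = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        src = ipaddress.ip_address(rec["srcaddr"])
        if any(src in net for net in RFC1918) or rec["dstport"] not in WATCHED_PORTS:
            continue
        findings[rec["interface_id"]].append({
            "src": rec["srcaddr"],
            "service": WATCHED_PORTS[rec["dstport"]],
            "threat": threat_list.get(rec["srcaddr"], "unknown"),
        })
    return dict(findings)

# Constructed sample: internal RDP, external MySQL probe, external RDP probe from a listed IP, one REJECT.
SAMPLE_LOGS = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 10.0.1.20 51234 3389 6 10 840 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.20 44321 3306 6 3 180 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0e5f6a7b 203.0.113.9 10.0.2.8 55555 3389 6 5 300 1600000000 1600000060 ACCEPT OK",
    "2 123456789012 eni-0e5f6a7b 203.0.113.9 10.0.2.8 55556 22 6 1 60 1600000000 1600000060 REJECT OK",
]
# Constructed threat list standing in for a real feed lookup.
SAMPLE_THREATS = {"203.0.113.9": "high (RDP scanner)"}
```

Calling `find_exposed_accepts(SAMPLE_LOGS, SAMPLE_THREATS)` groups the hits by interface, which is the per-interface view the console only gives you one interface at a time.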


Head on over to to see how we can help you out and produce a useful daily dashboard on what is happening in your cloud.
