Security information and event management (SIEM)

Organizations require in-depth visibility into their infrastructure and applications to make faster data-driven decisions. SIEM solutions for AWS Control Tower monitor workloads in real time, identify security issues, and expedite root-cause analysis.

These are just a few examples of security information and event management solutions.

Cribl LogStream

Cribl LogStream delivers a cost-effective solution that optimizes your observability data collection. This purpose-built, vendor-neutral observability pipeline allows for the collection of data from any source to any destination, while transforming, enriching, shaping, and routing the data.

Cribl LogStream allows customers to:

  • Route data from any source to the most cost-effective destination
  • Replay data from Amazon Simple Storage Service (Amazon S3) anytime
  • Reduce data volumes while remaining compliant
  • Seamlessly migrate to the Cloud
  • Increase the resource utilization from your analytics platform

Splunk Cloud

Splunk’s integration into AWS Control Tower allows administrators to automatically configure and set up AWS services. Data from AWS CloudTrail, AWS Config, and other sources can be incorporated into your Splunk deployment using Kinesis Data Firehose and Splunk HTTP Event Collector (HEC). With Splunk Cloud, you can automatically collect data from newly vended AWS accounts, and dashboard and alert on compliance with AWS Control Tower Guardrails.

Splunk Cloud features include:

  • Compliance reporting with Control Tower Guardrails Dashboards
  • Automated AWS Account enrollment into Splunk data collection
  • Simplified data collection from AWS CloudTrail, AWS Config, and AWS CloudWatch Logs

Sumo Logic

Sumo Logic Cloud-Native Machine Data Analytics pulls in critical operational data across services and accounts to give a unified view of AWS environments. Easily navigate from overview dashboards into account, region, availability zone, or service-specific views. Intuitive navigation across logs and metrics data ensures teams can quickly resolve issues, minimize downtime, and improve system availability. The Sumo Logic Continuous Intelligence Platform™ automates the collection, ingestion, and analysis of application, infrastructure, security, and IoT data to derive actionable insights.

Sumo Logic Cloud-Native Machine Data Analytics Service features include:

  • Self-service provisioning and the highest level of security certifications available
  • Speed issue resolution with unified service visibility and overview dashboards into account, region, availability zone, or service views
  • Intuitive navigation to ensure teams can quickly resolve issues, minimize downtime, and improve system availability
  • Reduced Time To Value (TTV) with pre-built dashboards specific to AWS services

AI-Powered ELK-as-a-Service is a cloud-native observability platform providing unified monitoring, troubleshooting, and security for distributed cloud environments. Intelligent log analytics help engineers and businesses resolve incidents faster and simplify cloud security.’s analytics and optimization tools help businesses reduce overall logging expenses and identify production and security incidents in real-time. features include:

  • Machine learning-based automatic threat detection and aid resolution
  • Built-in integration with AWS services
  • Real-time alerting of high-priority attacks
  • Scheduled, automated reports of threats detected over a predefined timeframe

– BigPanda

BigPanda has more than 20 microservices running in production with a large AWS deployment that generates 30 GB of log data every day. The sales and customer success teams at BigPanda use to analyze user behavior and success. By monitoring error messages in Kibana, they can assess which customer is experiencing issues and what kind of challenges they are facing. The ability to get insight in real time into how customers are interacting with the product has become essential to their business model.

With, we were able to triple our infrastructure and team without a moment’s thought on scaling our logging infrastructure. saved us thousands of hours that would have otherwise been spent on maintaining and running ELK.

– BigPanda