CloudLogCollector

This project provides a set of scripts to collect and save audit logs from various cloud providers, including Google Cloud Platform (GCP), Microsoft Azure, Microsoft Entra ID (formerly Azure AD), and Amazon Web Services (AWS).

Features

GCP Audit Logs: Retrieve and save GCP audit logs within a specified time range.
Azure Activity Logs: Retrieve and save Azure activity logs within a specified time range.
Microsoft Entra ID Sign-In Logs: Retrieve and save Microsoft Entra ID sign-in logs within a specified time range.
AWS CloudTrail Events: Retrieve and save AWS CloudTrail events within a specified time range for given accounts and roles.

Prerequisites

Python 3.x
Google Cloud SDK
Azure SDK for Python
AWS SDK for Python (Boto3)

Installation

Clone the repository:

git clone https://github.com/yourusername/cloud-audit-log-collector.git
cd cloud-audit-log-collector

Install the required Python packages:
```
pip install -r requirements.txt
```

Usage

GCP Audit Logs

To retrieve and save GCP audit logs:

from datetime import datetime, timedelta
import gcp_audit_logs

now = datetime.utcnow()
yesterday = now - timedelta(days=1)

gcp_audit_logs.enable_api('your-project-id', 'logging.googleapis.com')
gcp_audit_logs.get_gcp_logs(yesterday, now, 500, filename='gcp_audit_logs.json')

Azure Activity Logs

To retrieve and save Azure activity logs:

from datetime import datetime, timedelta
import azure_activity_logs

now = datetime.utcnow()
yesterday = now - timedelta(days=1)

azure_activity_logs.get_azure_logs(yesterday, now, filename='azure_events.json')

Microsoft Entra ID Sign-In Logs

To retrieve and save Microsoft Entra ID sign-in logs:

from datetime import datetime, timedelta
import entraid_signin_logs

now = datetime.utcnow()
yesterday = now - timedelta(days=1)

entra_id_signin_logs.get_entra_id_signin_logs(yesterday, now, filename='entra_id_signins.json')

AWS CloudTrail Events

To retrieve and save AWS CloudTrail events:

from datetime import datetime, timedelta
import aws_cloudtrail_events

now = datetime.utcnow()
yesterday = now - timedelta(days=1)

aws_cloudtrail_events.get_aws_cloudtrail_events(['account-id-1', 'account-id-2'], 'role-name', yesterday, now, filename='aws_events.json')

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
CloudLogCollector.py		CloudLogCollector.py
README.md		README.md
aws_cloudtrail_events.py		aws_cloudtrail_events.py
azure_activity_logs.py		azure_activity_logs.py
entraid_signin_logs.py		entraid_signin_logs.py
gcp_audit_logs.py		gcp_audit_logs.py
requirements.txt		requirements.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CloudLogCollector

Features

Prerequisites

Installation

Usage

GCP Audit Logs

Azure Activity Logs

Microsoft Entra ID Sign-In Logs

AWS CloudTrail Events

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

O3-Cyber/CloudLogCollector

Folders and files

Latest commit

History

Repository files navigation

CloudLogCollector

Features

Prerequisites

Installation

Usage

GCP Audit Logs

Azure Activity Logs

Microsoft Entra ID Sign-In Logs

AWS CloudTrail Events

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages