What is machine data?
Real-Time Behavior Analysis, Attack Vector Targeting, Data Logging, Operational Intelligence, Internet of Things
August 10, 2019

Machine data is information automatically generated by computer software in the form of a log message, debug message, error message, or status message, as a response to an event. Usually the information is generated for the purpose of troubleshooting computer software and computer hardware. Machine data includes information about the performance of an operating system from services and processes like package management, resource utilization, and network management.

AWS Logs
AWS logs provide data that supports service monitoring, alarms, and dashboards for metrics, and can also track security-relevant activities, such as login and logout events.
Authentication
Authentication data can help identify users that are struggling to log in to applications and provide insight into potentially anomalous behaviors, such as activities from different locations within a specified time period.
Firewall
Firewall data can provide visibility into blocked traffic in case an application is having communication problems. It can also be used to help identify traffic to malicious and unknown domains.
Network Statistics
Network statistical data can provide visibility into the network's role in overall availability and performance of critical services. It's also an important source for identifying advanced persistent threats.
System Logs
System logs are key to troubleshooting system problems and can be used to alert security teams to network attacks, a security breach or compromised software.
Web Server
Web logs are critical in debugging web application and server problems, and can also be used to detect attacks, such as SQL injections.
Sensor Data
Sensor data can provide visibility into system performance and support compliance reporting of devices. It can also be used to proactively identify systems that require maintenance.
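
As an illustration of the Authentication entry above, the following added example (not part of the original article) scans authentication events for users who are struggling to log in and for users who log in successfully from different locations within a specified time period. The log format, field order, thresholds and sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, assumed format: "timestamp user result location"
SAMPLE_LOG = """\
2019-08-10T09:00:00 alice success Boston
2019-08-10T09:20:00 alice success Singapore
2019-08-10T09:01:00 bob failure Denver
2019-08-10T09:02:00 bob failure Denver
2019-08-10T09:03:00 bob failure Denver
2019-08-10T09:05:00 bob success Denver
2019-08-10T08:00:00 carol success Austin
2019-08-10T17:30:00 carol success Dallas
"""

def parse(log):
    """Yield (time, user, result, location) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, result, location = parts
        try:
            yield datetime.fromisoformat(ts), user, result, location
        except ValueError:
            continue  # unparseable timestamp

def analyze(log, window=timedelta(hours=1), max_failures=3):
    """Return (struggling_users, multi_location_users) as sorted lists."""
    failures = defaultdict(list)   # user -> failure times still inside the window
    successes = defaultdict(list)  # user -> (time, location) of successful logins
    struggling, multi_location = set(), set()
    for when, user, result, location in sorted(parse(log)):
        if result == "failure":
            recent = [t for t in failures[user] if when - t <= window] + [when]
            failures[user] = recent
            if len(recent) >= max_failures:
                struggling.add(user)
        elif result == "success":
            # Flag a successful login from a new location inside the window.
            for prev_time, prev_loc in successes[user]:
                if when - prev_time <= window and prev_loc != location:
                    multi_location.add(user)
            successes[user].append((when, location))
    return sorted(struggling), sorted(multi_location)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Widening the window, for example to twelve hours, also flags the constructed user carol, which shows how the choice of time period drives the alert volume.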