AWS CloudTrail

Version: AWS LogForwarder v1.0.10 or later.

AWS CloudTrail is an AWS service that helps you with governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure. It provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

Netsurion Open XDR monitors events from AWS CloudTrail by parsing the AWS CloudTrail logs and the triggers received from Amazon EventBridge. The dashboard, categories, and reports in Netsurion Open XDR let you monitor the overall actions performed in the AWS CloudTrail service and keep you informed about its activities. It also triggers alerts on critical and service-related activities.

For a new instance, integrate the AWS instance with Netsurion Open XDR using the Netsurion integrator Lambda function, which in turn delivers logs from AWS to Netsurion Open XDR. For an already-integrated AWS instance, make sure to update to AWS LogForwarder v1.0.1 or later.

The following are the key data source integration components available in Netsurion Open XDR.

Alerts

Type Name Description
Security AWS CloudTrail – Datalake configuration changes detected This alert is triggered when there is any change in the Trail settings or a misconfiguration occurs in CloudTrail.
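As an added example that is not part of this integration page or Netsurion's own rule logic, the following Python flags the CloudTrail management events that change a trail's own configuration, the kind of activity the alert above describes. The event list, the field handling and the sample records are assumptions constructed for illustration.

```python
import json
# Management API calls that create, alter, stop or delete a trail. The list is an
# assumption written for this example, not Netsurion's alert definition.
TRAIL_CONFIG_EVENTS = {
    "CreateTrail", "UpdateTrail", "DeleteTrail", "StartLogging", "StopLogging",
    "PutEventSelectors", "PutInsightSelectors",
}

def is_trail_config_change(rec: dict) -> bool:
    """True if a record describes a successful change to a trail's settings."""
    return (
        rec.get("eventSource") == "cloudtrail.amazonaws.com"
        and rec.get("eventName") in TRAIL_CONFIG_EVENTS
        and not rec.get("readOnly", False)
        and "errorCode" not in rec  # a denied or failed call changed nothing
    )

def find_trail_config_changes(records: list) -> list:
    """Return one alert-ready summary per matching record."""
    hits = []
    for rec in records:
        if is_trail_config_change(rec):
            params = rec.get("requestParameters") or {}
            hits.append({
                "time": rec.get("eventTime"),
                "action": rec["eventName"],
                "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
                "trail": params.get("name"),
                "source_ip": rec.get("sourceIPAddress"),
            })
    return hits

def detect_from_log(raw: str) -> list:
    """Parse a CloudTrail S3 delivery file ({"Records": [...]}) and alert on it."""
    return find_trail_config_changes(json.loads(raw)["Records"])

# Constructed sample in the shape of a CloudTrail delivery file (every ID, ARN
# and IP is made up). Only the successful StopLogging record should alert.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "readOnly": False, "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": {"name": "main-trail"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DescribeTrails", "readOnly": True},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "readOnly": False, "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "readOnly": False},
]})
```

Read-only calls and calls that failed authorization are filtered out so the rule fires only on changes that actually took effect; `detect_from_log(SAMPLE_LOG)` returns the single StopLogging summary.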

Reports

Type Name Description
Security AWS CloudTrail – Activity overview This report contains information about all activities in the AWS CloudTrail service.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 or later, and AWS LogForwarder v1.0.10 or later.

Download the Integration Guide and How-to Guide for configuration instructions and more information.