AWS CloudTrail is an AWS service that helps you with the governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure. It provides the event history of the AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
Netsurion facilitates monitoring events from AWS CloudTrail by parsing the AWS CloudTrail logs and triggers from Amazon EventBridge. The dashboard, categories, and reports in Netsurion’s threat protection platform, EventTracker, help you track the overall actions performed in relation to the AWS CloudTrail service and keep you informed about its activities. EventTracker also triggers alerts when critical and service-related activities are performed.
For a new instance, integrate the AWS instance into EventTracker using the EventTracker integrator Lambda function, which in turn delivers the logs from AWS to EventTracker. After configuring the transfer of events to EventTracker Manager, configure the alerts, dashboards, and reports in EventTracker.
Note: For an existing integrated AWS instance, upgrade to ETS_AWS_LogForwarder v1.0.10 or later.
To configure AWS CloudTrail to send logs to EventTracker, refer to the How-To Guide.
For configuring Knowledge Packs in the EventTracker console, refer to the Integration Guide.