Consultant at a tech services company with 11-50 employees
Reseller
2020-05-27T12:43:23Z
CloudTrail logs are an excellent and necessary way to monitor activity in your AWS environment. They are the "under-the-hood" audit logs, much like OS audit data, but covering the entire cloud infrastructure. This could include things like new compute instances created, user credentials changing, new encryption keys used, databases modified, and so much more. Essentially it covers anything done through the AWS console or APIs for your various cloud services. You really need to bring those logs into a SIEM or UEBA to leverage them properly, and you need to have good alerting triggers, correlation rules and/or behavioral models set up to tell you when something suspicious happens.
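As an added illustration (not part of the reviewer's answer), the sketch below shows a simple alerting trigger and one correlation rule over CloudTrail records for the activity types named above. The watch list, the 15-minute window, the `_rec` helper and the sample records are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Assumed watch list: (eventSource, eventName) -> activity type from the answer above.
WATCHED = {
    ("ec2.amazonaws.com", "RunInstances"): "compute",
    ("iam.amazonaws.com", "CreateAccessKey"): "credentials",
    ("iam.amazonaws.com", "UpdateLoginProfile"): "credentials",
    ("kms.amazonaws.com", "CreateKey"): "encryption-key",
    ("rds.amazonaws.com", "ModifyDBInstance"): "database",
}
WINDOW = timedelta(minutes=15)  # assumed correlation window

def triggers(records):
    """Trigger: each successful watched call as (time, principal, category, name)."""
    hits = []
    for rec in records:
        cat = WATCHED.get((rec.get("eventSource"), rec.get("eventName")))
        if cat and "errorCode" not in rec:  # failed calls carry an errorCode field
            when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            hits.append((when, rec["userIdentity"]["arn"], cat, rec["eventName"]))
    return sorted(hits)

def correlate(hits):
    """Correlation: a credential change followed within WINDOW by the same
    principal acting in a different watched category."""
    alerts = []
    for i, (t0, who, cat, name) in enumerate(hits):
        if cat != "credentials":
            continue
        later = [h[3] for h in hits[i + 1:]
                 if h[1] == who and h[2] != "credentials" and h[0] - t0 <= WINDOW]
        if later:
            alerts.append({"principal": who, "start": name, "followed_by": later})
    return alerts

def _rec(t, src, name, user, **extra):  # hypothetical helper to build trimmed records
    arn = f"arn:aws:iam::111122223333:user/{user}"
    return {"eventTime": t, "eventSource": src, "eventName": name,
            "userIdentity": {"type": "IAMUser", "arn": arn}, **extra}

# Constructed sample records, trimmed to the fields the rules read.
SAMPLE = [
    _rec("2020-05-27T09:00:00Z", "iam.amazonaws.com", "UpdateLoginProfile", "carol"),
    _rec("2020-05-27T10:00:00Z", "iam.amazonaws.com", "CreateAccessKey", "alice"),
    _rec("2020-05-27T10:02:00Z", "ec2.amazonaws.com", "DescribeInstances", "alice"),
    _rec("2020-05-27T10:04:10Z", "ec2.amazonaws.com", "RunInstances", "alice"),
    _rec("2020-05-27T10:05:00Z", "rds.amazonaws.com", "ModifyDBInstance", "bob"),
    _rec("2020-05-27T10:06:00Z", "ec2.amazonaws.com", "RunInstances", "dave",
         errorCode="Client.UnauthorizedOperation"),
    _rec("2020-05-27T10:09:30Z", "kms.amazonaws.com", "CreateKey", "alice"),
    _rec("2020-05-27T11:00:00Z", "ec2.amazonaws.com", "RunInstances", "carol"),
]
```

Calling `correlate(triggers(SAMPLE))` returns the alerts; in a SIEM the same two stages would be a watch-list filter feeding a time-windowed correlation rule.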
Log Management is the practice of collecting, storing, and analyzing log data from various sources within an IT environment to improve security, compliance, and operational efficiency.
Efficient Log Management allows organizations to detect anomalies, troubleshoot issues, and ensure compliance with industry regulations. Logs come from diverse sources, including servers, applications, and network devices. Handling and analyzing this data effectively can offer significant insights into system...