Consultant at a tech services company with 11-50 employees
Reseller
2020-05-27T12:43:23Z
May 27, 2020
CloudTrail logs are an excellent and necessary way to monitor activity in your AWS environment. They are the "under-the-hood" audit logs much like
OS audit data, but covering the entire cloud infrastructure. This could include things like new compute instances created, user credentials changing, new encryption keys used, databases modified, and so much more. Essentially it covers anything done through the AWS console or APIs for your various cloud services. You really need to bring those logs into a SIEM or UEBA to leverage them properly, and you need to have good alerting
triggers, correlation rules and/or behavioral models setup to tell you when something suspicious happens.
CloudTrail logs are an excellent and necessary way to monitor activity in your AWS environment. They are the "under-the-hood" audit logs much like
OS audit data, but covering the entire cloud infrastructure. This could include things like new compute instances created, user credentials changing, new encryption keys used, databases modified, and so much more. Essentially it covers anything done through the AWS console or APIs for your various cloud services. You really need to bring those logs into a SIEM or UEBA to leverage them properly, and you need to have good alerting
triggers, correlation rules and/or behavioral models setup to tell you when something suspicious happens.