About AWS CloudTrail and Alert Logic

AWS CloudTrail is an Amazon Web Services (AWS) (AWS) service that logs activity all of your AWS account activity. AWS CloudTrail records actions taken by a user, role, or AWS service as events. Recorded actions include those taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.

AWS CloudTrail is enabled on your AWS account when you create it. AWS allows you to create additional trails to record events in specific regions and deliver them to a specified S3 bucket. For more information, see the AWS document, How CloudTrail Works.

How Alert Logic products work with AWS CloudTrail

Alert Logic products treat API activity data as any another data source to capture and manage. Alert Logic Network IDS and Alert Logic Log Management with LogReview integrate with AWS CloudTrail to collect API activity data within an AWS account, and then combines the data with log data from other applications and systems.

Log Management

You can create an AWS CloudTrail that Alert Logic can use to collect, store, and make searchable for any type of operational. For more information, see Log Sources.

Continual asset monitoring

When you create an AWS deployment in the Alert Logic console, you can configure the deployment with centralized AWS CloudTrail log collection to provide continual asset updates.

AWS allows you to use a separate, dedicated account with AWS CloudTrail enabled to centralize your AWS CloudTrail log collection, which requires a second IAM role to allow Alert Logic to access the AWS receiving account that collects AWS CloudTrail data. For more information, see Should you centralize CloudTrail log collection?

Incident management

Amazon GuardDuty is a continuous security monitoring service that requires no customer-managed hardware or software. GuardDuty analyzes and processes VPC Flow Logs and AWS CloudTrail event logs. GuardDuty uses security logic and AWS usage statistics techniques to identify unexpected and potentially unauthorized and malicious activity, such as:

  • Escalations of privileges
  • Uses of exposed credentials
  • Communication with malicious IPs, URLs, or domains

For more information, see Integrate Amazon GuardDuty Findings into Alert Logic Incidents.

Compliance goals

Alert Logic uses AWS CloudTrail data to identify potential compliance issues or threats through our analytics and reporting features.

The security and compliance goals of your organization could require you to create and configure additional trails. For example, you must configure separate AWS CloudTrail logs for discovery of your AWS assets, and for Log Management.