About AWS CloudTrail and Alert Logic
AWS CloudTrail is an Amazon Web Services (AWS) service that logs all of your AWS account activity. CloudTrail records actions taken by a user, role, or AWS service as events. Recorded actions include those taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
AWS CloudTrail is enabled on your AWS account when you create it. AWS allows you to create additional trails to record events in specific regions and deliver them to a specified S3 bucket. For more information, see the AWS document How CloudTrail Works.
How Alert Logic products work with AWS CloudTrail
Alert Logic products treat API activity data as any other data source to capture and manage. Alert Logic Network IDS and Alert Logic Log Management with LogReview integrate with AWS CloudTrail to collect API activity data within an AWS account, and then combines the data with log data from other applications and systems.
Continual asset monitoring
When you create an AWS deployment in the Alert Logic console, you can configure the deployment with centralized AWS CloudTrail log collection to provide continual asset updates.
AWS allows you to use a separate, dedicated account with AWS CloudTrail enabled to centralize your AWS CloudTrail log collection, which requires a second IAM role to allow Alert Logic to access the AWS receiving account that collects AWS CloudTrail data. For more information, see Should you centralize CloudTrail log collection?.
You can create an AWS CloudTrail that Alert Logic can use to collect, store, and make searchable for any type of operational activity. For more information, see Log Sources.
Amazon GuardDuty is a continuous security monitoring service that requires no customer-managed hardware or software. GuardDuty analyzes and processes VPC Flow Logs and CloudTrail event logs. GuardDuty uses security logic and AWS usage statistics techniques to identify unexpected and potentially unauthorized and malicious activity, such as:
- Escalations of privileges
- Uses of exposed credentials
- Communication with malicious IPs, URLs, or domains
For more information, see Integrate Amazon GuardDuty Findings into Alert Logic Incidents.
Alert Logic uses CloudTrail data to identify potential compliance issues or threats through our analytics and reporting features.