The AWS CloudTrail Pack provides out-of-the-box tags, alerts, saved queries and dashboards for AWS CloudTrail information. AWS CloudTrail is a web service that records AWS API calls. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.
This Pack contains the following:
- Saved Queries: Saved queries that you can reuse to quickly get visibility into activity in your AWS account, such as EC2 instance activity, user activity in your AWS account, and important security events.
- Tags and Alerts: Tags to highlight instances of important AWS CloudTrail events (in line with AWS CloudTrail best practices), as well as basic alerts, anomaly alerts and inactivity alerts to highlight spikes in important security events, password updates, policy-related events, and EC2 instance restarts and terminations.
- Dashboards: A dashboard with charts giving visibility into AWS User actions (root and IAMUsers) as well as into the activity of your EC2 instances.
- Logentries Account - Don't have a Logentries Account? Sign up for a free account
- Installation with AWS CloudTrail
You can contribute to the contents of this Pack or submit a new pack by creating a GitHub Pull Request.
- Please see the GitHub Repository here: https://github.com/logentries/le_community_packs
- For instructions on how to create and format packs, please see the documentation.