AWS CloudTrail Packs




AWS CloudTrail Packs provide enhanced visibility into AWS CloudTrail data with saved queries, real-time alerting and dashboards.

AWS CloudTrail Pack

The AWS CloudTrail Pack provides out-of-the-box tags, alerts, saved queries and dashboards for AWS CloudTrail information. AWS CloudTrail is a web service that records AWS API calls. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service.

This Pack contains the following:

  • Saved Queries: Saved queries that you can reuse to quickly get visibility into activity in your AWS account, such as EC2 instance activity, user activity within your AWS account, and important security events.
  • Tags and Alerts: Tags to highlight instances of important AWS CloudTrail events (in line with AWS CloudTrail best practices), as well as basic alerts, anomaly alerts and inactivity alerts to highlight spikes in important security events, password updates, policy-related events, and EC2 instance restarts and terminations.
  • Dashboards: A dashboard with charts giving visibility into AWS User actions (root and IAMUsers) as well as into the activity of your EC2 instances.

Requirements:
- Logentries Account - Don't have a Logentries Account? Sign up for a free account
- Installation with AWS CloudTrail

Contribute:
You can contribute to the contents of this Pack or submit a new pack by creating a GitHub Pull Request.
- Please see the GitHub Repository here: https://github.com/logentries/le_community_packs
- For instructions on how to create and format packs please see the documentation.
