Amazon CloudTrail
AWS CloudTrail enables governance, compliance, operational auditing, and risk auditing of your AWS account by tracking user activity and API usage across AWS environments, hybrid setups, and multicloud deployments with immutable audit trails.
APIs
Amazon CloudTrail API
API for creating and managing CloudTrail trails, event data stores, and channels for capturing AWS API activity and storing audit logs.
Capabilities
Amazon CloudTrail Audit Trail Management
Workflow for audit trail management using Amazon CloudTrail for Security Analyst personas.
Features
Consolidate activity events from AWS, external providers, on-premises, and SaaS into a unified audit trail.
Store audit-worthy events immutably to ensure tamper-proof compliance records.
Detect unusual API activity patterns with anomaly detection on management and data events.
Investigate issues using SQL queries or natural language with Amazon Athena integration.
Create trails that capture events from all AWS regions in a single S3 bucket.
Use Cases
Demonstrate adherence to SOC, PCI DSS, and HIPAA regulations with audit logs.
Record and monitor user and API activity for security incident detection.
Investigate operational issues by querying historical API activity.
Track who made changes to AWS resources and when for governance accountability.
Integrations
Store CloudTrail logs in S3 buckets with lifecycle management.
Query CloudTrail logs using SQL via Athena integration.
Stream CloudTrail events to CloudWatch Logs for real-time monitoring.
Trigger Lambda functions based on CloudTrail events for automated response.
Send CloudTrail findings to Security Hub for centralized security management.