How can CloudTrail logs be used effectively to improve log monitoring?

If you've got experience with using CloudTrail logs, please share how they can be used to improve log monitoring.

1 Answer

CloudTrail logs are an excellent and necessary way to monitor activity in your AWS environment. They are the "under-the-hood" audit logs, much like OS audit data, but covering the entire cloud infrastructure. This could include things like new compute instances created, user credentials changing, new encryption keys used, databases modified, and so much more. Essentially it covers anything done through the AWS console or APIs for your various cloud services. You really need to bring those logs into a SIEM or UEBA to leverage them properly, and you need to have good alerting triggers, correlation rules and/or behavioral models set up to tell you when something suspicious happens.
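As an added illustration (not part of the answer above, and not any SIEM vendor's own rule set), this Python sketch shows what an alerting trigger and a correlation rule over CloudTrail records can look like. The record fields and event names are real CloudTrail ones; the sample records, the account ID, the 15-minute window and the rule names are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Trigger rules: (eventSource, eventName) -> activity category from the answer.
TRIGGERS = {
    ("ec2.amazonaws.com", "RunInstances"): "compute_created",
    ("iam.amazonaws.com", "CreateAccessKey"): "credential_change",
    ("iam.amazonaws.com", "UpdateLoginProfile"): "credential_change",
    ("kms.amazonaws.com", "CreateKey"): "encryption_key_created",
    ("rds.amazonaws.com", "ModifyDBInstance"): "database_modified",
}
WINDOW = timedelta(minutes=15)  # assumed correlation window

def rec(time, source, name, user, **extra):
    """Build one constructed record using real CloudTrail field names."""
    arn = "arn:aws:iam::111122223333:user/" + user  # placeholder account id
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "arn": arn}, **extra}

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE = json.dumps({"Records": [
    rec("2020-10-01T10:00:00Z", "iam.amazonaws.com", "CreateAccessKey", "alice"),
    rec("2020-10-01T10:05:00Z", "ec2.amazonaws.com", "RunInstances", "alice"),
    rec("2020-10-01T10:06:00Z", "ec2.amazonaws.com", "DescribeInstances", "bob"),
    rec("2020-10-01T10:07:00Z", "rds.amazonaws.com", "ModifyDBInstance", "bob",
        errorCode="AccessDenied"),
    rec("2020-10-01T11:00:00Z", "ec2.amazonaws.com", "RunInstances", "carol"),
]})

def detect(log_text):
    """Return (rule, principal, eventTime) alerts for one CloudTrail log file."""
    records = sorted(json.loads(log_text)["Records"], key=lambda r: r["eventTime"])
    alerts, last_cred_change = [], {}
    for r in records:
        category = TRIGGERS.get((r["eventSource"], r["eventName"]))
        if category is None or "errorCode" in r:
            continue  # not a watched action, or the call failed and changed nothing
        who = r["userIdentity"].get("arn", r["userIdentity"]["type"])
        when = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        alerts.append((category, who, r["eventTime"]))
        if category == "credential_change":
            last_cred_change[who] = when
        elif (category == "compute_created" and who in last_cred_change
              and when - last_cred_change[who] <= WINDOW):
            # Correlation rule: new credentials, then new compute, same principal.
            alerts.append(("correlated:new_credentials_then_compute", who, r["eventTime"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
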
