AWS CloudTrail

AWS CloudTrail consolidates events from over 160 AWS services, providing a single information feed for ingestion by event processing engines. 

Securonix integrates with the AWS CloudTrail API to enable security monitoring across all AWS services, to use event information for context enrichment, and to enable threat chaining across the enterprise infrastructure.

Audit Source: CloudTrail Logs/API Service/Module Covered Event Types Related Threats Details
CloudTrail Event Name, Event Time, User Name, Resource Type, Resource Name, View Event Details Data Events, Management Events All Threat Modules invoked CloudTrail consolidates events from 160+ AWS Services