CloudTrail and CloudWatch Integration
Enhance Your Logging Functions in AWS
To enhance event management and logging, recommendation 2.4 of the CIS AWS Foundations Benchmark states that CloudTrail logs need to be integrated with CloudWatch Logs. Sending CloudTrail logs to CloudWatch Logs supports real-time and historic activity logging based on user, API, resource, and IP address, and provides an opportunity to establish alarms and notifications for sensitive account activity.
For more information, visit the AWS documentation on monitoring CloudTrail log files with CloudWatch Logs.
Transcription
Event management and logging in AWS is a very important part of your security posture. Ensuring that not only is CloudTrail enabled, but events are streamed to CloudWatch for monitoring is important. Organizations should configure metric alarms as well as making sure that all applicable trails are set up to stream events into CloudWatch.