CloudTrail and CloudWatch Integration
Enhance Your Logging Functions in AWS
To enhance event management and logging, recommendation 2.4 of the CIS AWS Foundations Benchmark states that CloudTrail logs need to be integrated with CloudWatch logs. Sending CloudTrail logs to CloudWatch Logs will support real-time and historic activity logging based on user, API, resource, and IP address, and provides opportunity to establish alarms and notifications for sensitive account activity.
For more information, visit the AWS documentation on monitoring CloudTrail log files with CloudWatch logs.
Transcription
Event management and logging in AWS is a very important part of your security posture. Ensuring that not only is CloudTrail enabled, but events are streamed to CloudWatch for monitoring is important. Organizations should configure metric alarms as well as making sure that all applicable trails are set up to stream events into CloudWatch.
Related Videos
Attributes of Log Data
Audit Trail Review with Kibana, Athena, and GuardDuty
Audit Your Security Groups for Insecure Ports and Protocols
Change-Detection Solutions in AWS
Enabling AWS Config in All Regions
Enabling CloudTrail Log File Validation
Enabling CloudTrail in All Regions
Ensure ALBs Have WAF ACLs Attached
Ensure RDS Instances are Only Accessible by Internal IPs
Ensuring Role Assumption is Logged
Filters and Alarms in CloudWatch
GuardDuty Alerts for Control Failures
How to Edit Inbound Traffic Rules for Default Security Groups
Identify Unrestricted Access to Ports for Security Groups
Identify if EC2 Instances Are Directly Connected to the Internet
Logging Tools in AWS
Logging Web ACL Data in Amazon Kinesis
Monitor Network Traffic with VPC Flow Logs
Protecting API Gateways with WAF Rules
Restrict Access to CloudTrail Logs in S3 Buckets
Restrict Security Group Access to All Ports
Retaining Your Audit Trail in AWS
Routing Outbound Traffic Through NAT Gateways
Securing Your Log Files
Using Amazon Time Sync Service
