AWS just announced that CloudTrail, AWS’ API logging system, is available within the GovCloud region. CloudCheckr is proud to be able to support this service enhancement, as it will continue to spur adoption of and migration into AWS in general and the GovCloud region in particular.
What is CloudTrail? How does it work?
CloudTrail is AWS’ response to audit and compliance demands. In order to maintain compliance with one of the many auditing standards, you need to implement continuous monitoring and demonstrate the ability to provide evidence when needed. CloudTrail helps you fulfill those requirements. It records each API call made within your AWS environment to provide a rich audit trail of the activity. However, having access to CloudTrail is just the first step. Once you have verified CloudTrail is enabled and configured properly, you will need to ingest the CloudTrail files, parse them, and turn them into actionable information.
Through CloudTrail you can monitor for actions such as:
- Unauthorized access attempts
- Who started, stopped, deleted, or created an instance or resource
- Connections from unauthorized locations, countries, people, or IP addresses
- Insider access to sensitive data
- Malicious hacking attempts
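As an added example (not CloudCheckr's code and not part of the original post), the Python below parses a CloudTrail log file and flags three of the actions listed above: denied API calls, instance lifecycle changes, and calls from outside an allowed network. The sample records, the allowed range 198.51.100.0/24, and the function names `findings` and `outside_allowed` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the CloudTrail log-file layout: a top-level "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-08-01T10:00:00Z", "eventName": "TerminateInstances",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2014-08-01T10:05:00Z", "eventName": "CreateAccessKey",
     "sourceIPAddress": "198.51.100.9", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2014-08-01T10:09:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.50", "userIdentity": {"type": "Root"}},
    {"eventTime": "2014-08-01T10:12:00Z", "eventName": "RunInstances",
     "sourceIPAddress": "autoscaling.amazonaws.com",
     "userIdentity": {"type": "AWSService"}},
]})

ALLOWED_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed office range
DENIED = {"AccessDenied", "UnauthorizedOperation"}
LIFECYCLE = {"RunInstances", "StartInstances", "StopInstances",
             "TerminateInstances"}

def outside_allowed(source):
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # calls made by AWS services carry a DNS name, not an IP
    return not any(addr in net for net in ALLOWED_NETS)

def findings(log_text):
    out = []
    for rec in json.loads(log_text).get("Records", []):
        ident = rec.get("userIdentity", {})
        who = ident.get("userName") or ident.get("type", "unknown")
        code = rec.get("errorCode", "")
        tags = []
        if code.split(".")[-1] in DENIED:  # also matches Client.UnauthorizedOperation
            tags.append("unauthorized-attempt")
        if rec.get("eventName") in LIFECYCLE and not code:  # successful changes only
            tags.append("instance-lifecycle")
        if outside_allowed(rec.get("sourceIPAddress", "")):
            tags.append("unexpected-source-ip")
        out.extend((rec.get("eventTime"), t, who, rec.get("eventName")) for t in tags)
    return out

if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```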
How CloudCheckr works with AWS CloudTrail
CloudCheckr ingests both the configuration and logs from CloudTrail to provide visibility and actionable information about your resources in Amazon Web Services. Using CloudCheckr you can analyze, search, understand, and alert on changes to resources and API activity recorded by CloudTrail.
Within CloudCheckr, you set up a read-only IAM user for AWS that is used to automatically collect your CloudTrail configuration, verify it has been set up correctly, alert on a misconfigured trail, and apply best practice policies. After verifying your configuration, CloudCheckr automatically finds your CloudTrail logs and ingests them into a format that can be searched and analyzed. Our best practice engine then pores over your logs, finding security events and highlighting abnormal activity. Once set up, CloudCheckr continuously looks through the logs for new events and emails you when something abnormal occurs.
CloudCheckr can be used to filter and find specific actions in your logs. Using its CloudTrail search engine, you can visualize the activities of a specific user or resource, identify failed activities, and find specific actions or IP addresses.
Because CloudCheckr is designed from the ground up specifically for CloudTrail, it gives you a deep understanding of AWS events and can tie them back to AWS resources, IAM users, and costs.
Try CloudCheckr free
Sign up for a free trial of CloudCheckr and experience our CloudTrail reporting on your own environment!