How To Effectively Set Up AWS CloudTrail in 5 Steps


Introduction


Amazon Web Services (AWS) is the market-leading cloud service provider for many reasons. One of them is the breadth and depth of security services available to organizations hosted on AWS. With new services being released almost daily, it is understandable for security practitioners to get lost in the many options for securing an AWS account. AWS CloudTrail is one of those services: commonly underused, but fairly simple to set up and critical for security governance, detection, and incident response.


What is CloudTrail, and Why Does it Matter?


AWS CloudTrail is an AWS service that helps you audit your AWS account, providing complete visibility into the governance, compliance, and risks of your AWS account. Logging is an integral component of any cybersecurity program.


All actions taken by a user, role, or an AWS service are logged and recorded as events in CloudTrail. AWS outlines six best practices for security in the cloud; one of the six is detection. CloudTrail is the recommended service for implementing detective controls that identify a potential security threat or incident. If you are hosted on AWS, CloudTrail should be a core component of your governance program. It can be used to support a quality control process, a legal or compliance obligation, and threat identification and response efforts.
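One way to put this detective control into practice, as an added example that is not part of the original article: a small Python scan over a CloudTrail log file that flags trail tampering, root activity, successful console logins without MFA, and denied calls. The sample records, account ID, user names and finding labels are constructed for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, users and IPs are made up; this is not real account data.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2024-01-01T10:07:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2024-01-01T10:09:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "errorCode": "AccessDenied", "responseElements": None,
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
]})

# CloudTrail API calls that stop or narrow logging itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def classify(record):
    """Return the finding labels (constructed names) for one CloudTrail record."""
    findings = []
    name = record.get("eventName", "")
    if record.get("eventSource") == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
        findings.append("trail-tampering")
    if (record.get("userIdentity") or {}).get("type") == "Root":
        findings.append("root-activity")
    if name == "ConsoleLogin":
        # responseElements/additionalEventData can be null in real records.
        ok = (record.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (record.get("additionalEventData") or {}).get("MFAUsed")
        if ok and mfa == "No":
            findings.append("console-login-without-mfa")
    if record.get("errorCode") in DENIED_CODES:
        findings.append("access-denied")
    return findings

def scan(log_text):
    """Return (eventTime, principal ARN, eventName, findings) for each flagged record."""
    return [(r.get("eventTime"), (r.get("userIdentity") or {}).get("arn", "unknown"),
             r.get("eventName"), f)
            for r in json.loads(log_text).get("Records", []) if (f := classify(r))]

if __name__ == "__main__":
    for row in scan(SAMPLE_LOG):
        print(row)
```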


How to Configure CloudTrail and Monitor For Security-Related Events


1.    Create a Trail.


When you create your AWS account, AWS CloudTrail is enabled by default. For an ongoing record of activity and events, analysis and log retention, create a trail in your account. Crea ..
