With the release of AWS CloudTrail, Amazon Web Services is making activity log data available to AWS users. This new service gives AWS users access to useful information on who makes changes within an account, what those changes are, and when and where they happen. Alert Logic has added support for CloudTrail in the Log Manager service.
Tracking activity data is a good practice for security purposes and also a requirement if you need to comply with PCI, HIPAA, GLBA, Sarbanes-Oxley and other regulations. And it’s not just a matter of collecting the data; to show compliance, auditors also need detailed documentation and reports.
In AWS environments, the responsibility for this data is shared. AWS makes the data available and it’s your responsibility to manage it.
The quickest way to get started with CloudTrail is to use the AWS Management Console. You can turn on CloudTrail in two clicks. There is no additional charge for CloudTrail, but standard rates for Amazon S3 and Amazon Simple Notification Service (SNS) usage apply.
CloudTrail is simply another data source for Log Manager. Instead of telling Log Manager to access logs for an application or device, you tell Log Manager to look for CloudTrail logs in an S3 data store, and those logs are pulled into Log Manager like any other log files.
Once you access the CloudTrail log, you’ll have access to activity information like:
• Starting, stopping, terminating, rebooting of instances
• Creating or deleting of security groups
• Creating and deleting of users
• Updating of user profiles
• Adding and removing of groups
• Updating of role and password policies
• Signing certificate upload or deletion
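An added example, not part of the original page or of Alert Logic's product: it reads one CloudTrail log file as delivered to S3 (gzip-compressed JSON with a top-level `Records` array) and groups the activity types listed above by who, what, when and where. The category mapping and the sample records are constructed for illustration.

```python
import gzip
import json
from collections import defaultdict

# Assumed mapping from the activity types listed above to EC2/IAM eventName values.
CATEGORIES = {
    "instance lifecycle": {"RunInstances", "StartInstances", "StopInstances",
                           "TerminateInstances", "RebootInstances"},
    "security groups": {"CreateSecurityGroup", "DeleteSecurityGroup"},
    "users": {"CreateUser", "DeleteUser", "UpdateUser", "UpdateLoginProfile"},
    "groups": {"CreateGroup", "DeleteGroup", "AddUserToGroup", "RemoveUserFromGroup"},
    "role and password policy": {"PutRolePolicy", "DeleteRolePolicy",
                                 "UpdateAssumeRolePolicy", "UpdateAccountPasswordPolicy"},
    "signing certificates": {"UploadSigningCertificate", "DeleteSigningCertificate"},
}

def actor(identity):
    """Best available name for who made the call."""
    if identity.get("type") == "Root":
        return "root"
    return identity.get("userName") or identity.get("arn") or identity.get("principalId", "unknown")

def summarize(log_bytes):
    """Parse one CloudTrail log file (gzip or plain JSON) into who/what/when/where rows."""
    if log_bytes[:2] == b"\x1f\x8b":  # gzip magic bytes
        log_bytes = gzip.decompress(log_bytes)
    rows = defaultdict(list)
    for rec in json.loads(log_bytes).get("Records", []):
        name = rec.get("eventName")
        category = next((c for c, names in CATEGORIES.items() if name in names), None)
        if category is None:
            continue  # read-only or unrelated call, not in the list above
        rows[category].append({
            "who": actor(rec.get("userIdentity", {})),
            "what": name,
            "when": rec.get("eventTime"),
            "where": f'{rec.get("awsRegion")} from {rec.get("sourceIPAddress")}',
            "failed": rec.get("errorCode"),  # None when the call succeeded
        })
    return dict(rows)

# Constructed sample records (documentation IP ranges, placeholder account id).
SAMPLE = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2013-11-14T10:02:11Z", "eventName": "TerminateInstances", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.10", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2013-11-14T10:05:40Z", "eventName": "DeleteSecurityGroup", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.7", "errorCode": "Client.UnauthorizedOperation", "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2013-11-14T11:30:02Z", "eventName": "UpdateAccountPasswordPolicy", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.10", "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
    {"eventTime": "2013-11-14T11:31:00Z", "eventName": "DescribeInstances", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.10", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]}).encode())

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

Rows with a non-empty `failed` value are denied or errored attempts, which are often more interesting for review than the successful calls.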
Log Manager manages more than just CloudTrail data … it collects and normalizes log data from your entire infrastructure.
If you’d like to learn more about Log Manager and request a free trial so you can try it yourself, visit www.alertlogic.com/amazon-solutions.
Tracking Activity Data in AWS
Alert Logic Log Manager CloudTrail Integration
Why Track Activity Data?
Lots of reasons, including…
To comply with PCI, HIPAA, GLBA, Sarbanes-Oxley and other regulations, you need to answer questions like “who gave that user access” and “who viewed this data”
It’s not just a matter of collecting the data, auditors also need detailed documentation for this user activity data.
Who’s Responsible in AWS?
• Secure coding and best practices
• Software and virtual patching
• Configuration management
• Access management
• Application level attack monitoring
Promiscuous mode prevented
Deny-all default in security group
Root access provided to customer
to manage it.
• Network threat
• VPC provides logically isolated environments
• Security groups filter inbound/outbound
• External DDoS, spoofing and scanning
Enabling AWS CloudTrail Logs
You can turn on
with just a few
clicks from your
View Activity in Log Manager
Why Log Manager for AWS?
Cloud-Based Security Log Analysis
All Log Data, All Together: Collect, archive and analyze log and machine data in real-time from AWS CloudTrail and all your other data sources
Fast & Intuitive Search: Query builder to uncover insight without learning new language
Automated Security Analysis: Out of the box parsers, alerts and reports for key use cases
Key Compliance Coverage: Support for numerous compliance standards including 10.6
AWS Friendly: Designed for AWS workloads and reference architectures
For more information on Log
Manager or other Alert Logic
security solutions for AWS