The Sumo Logic Application for CloudTrail provides proactive analytics and visualization on top of the CloudTrail log data to provide actionable security and operations forensics.
Sumo’s CloudTrail Integration - Overview
Ariel Smoliar
Agenda
What is CloudTrail
CloudTrail Integration
CloudTrail Use Cases
Additional Resources
What is CloudTrail?
You are making API calls…
On a growing set of services around the world…
CloudTrail is continuously recording those API calls…
And delivering log files to you
Nice right? Let’s have some more details…
What is CloudTrail?
CloudTrail records API calls in your account and delivers a log file to your S3 bucket
Typically, delivers an event within 15 minutes of the API call
Log files are delivered about every 5 minutes
AWS Services Supported by CloudTrail
Recording API Calls - Variety of Use Cases
Information in a recorded API call
Who made the API call?
When was the API call made?
What was the API call?
What were the resources that were acted upon in the API call?
Where was the API call made from?
What is NOT recorded?
State transitions of AWS resources. Example: an EC2 instance transitioning from pending to a running state
Allowed or denied traffic information for VPC security groups and ACLs
Successful and failed AWS Management Console sign-in events
CloudTrail Integration
CloudTrail Logs
AWS Console
AWS Console - S3 Bucket
User Monitoring
Geo Location of All Users
Main users in the AWS account
Admin users activities over time
Recent Activity by Administrative Users
Launched and terminated instances by user
Operations
Requested AWS services over time
API calls by AWS region
Elastic IP address operations
Created and deleted resources over time
Network and Security
Authorization failures over time
Created and Deleted Network Security Events
Network and Security Events Over Time
Recent Security Group and Network ACL Changes
Network ACL with All Allowed Ingress/Egress
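The following is an added example, not code from this deck or from Sumo Logic's application. It shows, in plain Python, the two things the slides describe: extracting the who/when/what/resources/where answers from a recorded API call, and the kind of logic behind the "Authorization failures over time" and "Recent Security Group and Network ACL Changes" panels. The field names (eventTime, eventName, userIdentity, sourceIPAddress, awsRegion, errorCode, requestParameters) are CloudTrail's own; the log records, user names, IP addresses and resource ids are constructed for the example, and the set of error codes and change-event names is a partial list chosen as an assumption for illustration.

```python
"""Parse CloudTrail-style records, answer the who/when/what/where questions,
then count authorization failures and list network security changes."""
import json
from collections import Counter

# Constructed sample log file in CloudTrail's layout: a JSON object with a
# "Records" list. Values (users, IPs, ids, times) are made up; records are
# deliberately not in time order, as a delivered file need not be.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-03-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instanceType": "t2.micro"}},
    {"eventTime": "2014-03-01T10:07:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "AccessDenied",
     "requestParameters": {"userName": "svc-report"}},
    {"eventTime": "2014-03-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"groupId": "sg-0example01"}},
    {"eventTime": "2014-03-01T10:02:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateNetworkAclEntry", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"networkAclId": "acl-0example01"}},
    {"eventTime": "2014-03-01T10:09:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2014-03-01T10:10:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "errorCode": "Client.UnauthorizedOperation",
     "requestParameters": {"groupId": "sg-0example01"}},
]})


def load_records(text):
    """A CloudTrail log file is a JSON object whose 'Records' list holds one
    object per recorded API call."""
    return json.loads(text).get("Records", [])


def who(record):
    """Identify the caller: IAM users carry userName, root and assumed roles
    are better identified by arn; fall back to the identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def summarize(record):
    """The five questions the deck lists for each recorded call."""
    return {
        "who": who(record),
        "when": record.get("eventTime"),
        "what": record.get("eventName"),
        "resources": record.get("requestParameters", {}),
        "where": (record.get("sourceIPAddress"), record.get("awsRegion")),
    }


# Assumed, partial set of error codes that mean the call was not authorized.
AUTHZ_FAILURE_CODES = {"AccessDenied", "UnauthorizedOperation",
                       "Client.UnauthorizedOperation"}


def authorization_failures(records):
    """Denied calls per caller (the 'Authorization failures' panel, minus
    the time axis). Returns a plain dict for easy comparison."""
    return dict(Counter(who(r) for r in records
                        if r.get("errorCode") in AUTHZ_FAILURE_CODES))


# Assumed, partial set of EC2 API calls that change security groups or NACLs.
NETWORK_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateSecurityGroup", "DeleteSecurityGroup",
    "CreateNetworkAcl", "DeleteNetworkAcl", "CreateNetworkAclEntry",
    "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry",
}


def network_security_changes(records):
    """Successful security-group / network-ACL changes, oldest first.
    A denied attempt carries errorCode and is excluded: it changed nothing,
    and it is already counted by authorization_failures()."""
    hits = [r for r in records
            if r.get("eventName") in NETWORK_CHANGE_EVENTS and "errorCode" not in r]
    return [(r["eventTime"], who(r), r["eventName"], r.get("requestParameters", {}))
            for r in sorted(hits, key=lambda r: r["eventTime"])]


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for r in recs:
        print(summarize(r))
    print("authorization failures:", authorization_failures(recs))
    for change in network_security_changes(recs):
        print("network change:", change)
```

Note that sorting by eventTime matters because records in one file are not guaranteed to be chronological, and that a failed change (the DeleteSecurityGroup with errorCode) is reported as an authorization failure rather than as a change, which is the distinction the two dashboard panels draw.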
CloudTrail Use Cases
User Monitoring Dashboard
Network and Security Dashboard
Operations Dashboard
Multiple Environments
Admin Users
CloudTrail documentation
Sumo’s CloudTrail Documentation
Additional Resources
CloudTrail blog
Applications webpage
CloudTrail press release