AWS (CloudTrail) Collection Configuration Guide

Document created by RSA Information Design and Development Employee on Nov 22, 2016
Last modified by RSA Information Design and Development Employee on May 4, 2017
Version 10

The Amazon Web Services (AWS) CloudTrail collection protocol collects events from AWS CloudTrail. CloudTrail records AWS API calls for an account. Each event contains the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. The AWS API call history provided by CloudTrail events enables security analysis, resource change tracking, and compliance auditing. CloudTrail uses Amazon S3 for log file storage and delivery. Security Analytics copies the log files from the cloud (S3 bucket) and sends the events contained in the files to the Log Collector.

You must deploy Log Collection before you can configure the AWS collection protocol.
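
To show what the events described above look like once a log file has been copied from the S3 bucket, the following added example (not RSA or AWS code) decompresses one gzip-compressed CloudTrail log file and pulls out the caller identity, time, source IP address, request parameters, and response elements of each record. The sample log content is constructed, and the output key names (`time`, `api_call`, `caller`, and so on) are hypothetical choices for this illustration.

```python
import gzip
import json

# Constructed sample: the JSON body of one CloudTrail log file (not real account data).
SAMPLE_LOG = {
    "Records": [
        {
            "eventTime": "2017-05-04T12:00:00Z",
            "eventSource": "ec2.amazonaws.com",
            "eventName": "StopInstances",
            "sourceIPAddress": "198.51.100.7",
            "userIdentity": {"type": "IAMUser",
                             "arn": "arn:aws:iam::111122223333:user/example-user"},
            "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0example"}]}},
            "responseElements": None,
        },
        {   # Record without an ARN or source IP, to exercise the fallbacks below.
            "eventTime": "2017-05-04T12:01:00Z",
            "eventSource": "signin.amazonaws.com",
            "eventName": "ConsoleLogin",
            "userIdentity": {"type": "Root"},
        },
    ]
}


def sample_blob() -> bytes:
    """Build gzip-compressed bytes in the form CloudTrail delivers to S3."""
    return gzip.compress(json.dumps(SAMPLE_LOG).encode("utf-8"))


def parse_cloudtrail_log(blob: bytes) -> list:
    """Decompress one CloudTrail log file and return one flat dict per event."""
    doc = json.loads(gzip.decompress(blob))
    events = []
    for rec in doc.get("Records", []):
        identity = rec.get("userIdentity") or {}
        events.append({
            "time": rec.get("eventTime"),
            "api_call": f'{rec.get("eventSource")}:{rec.get("eventName")}',
            # Prefer the full ARN; fall back to the identity type (for example, Root).
            "caller": identity.get("arn") or identity.get("type", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            "request": rec.get("requestParameters"),
            "response": rec.get("responseElements"),
        })
    return events


if __name__ == "__main__":
    for event in parse_cloudtrail_log(sample_blob()):
        print(event)
```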
