Investigating CloudTrail Logs

Not once raised the issue of security in the AWS in a particular context. Bad guys hate logs. Bad guys delete logs. So first of all protect your logs for at least of necessary:

1. Enable CloudTrail Log File Integrity.
2. Minimizing access to the S3 bucket
3. Minimizing access to the API CloudTrail.
4. Pull the logs in a central repository

Cloudtrail logs keep a record of all calls API AWS and will help you answer the key questions of safety and regulatory compliance. Analysis of the log can and should be automated.

It is obvious, yet important topic. Account is divided into regions, and if the IAM-users, for example, the entire account, you have instances and politicians – no. The same CloudTrail can be configured not to include all regions. This point should be remembered and control.

More.

DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.