The Sumo Logic App for AWS CloudTrail

Centralize your CloudTrail log management and analysis

Ingest your AWS CloudTrail data to gain real-time insights

Amazon Web Services DevOps & IT Operations

Analyze changes

Receive real-time alerts to suspicious activity, changes to infrastructure like started/stopped virtual servers, and changes to access control lists (ACLs).

Share critical data

Develop customized visual dashboards to report on environmental strengths and weaknesses and share critical data quickly with the right teams.

Secure your environment

Perform root-cause analysis on performance by tracking the effects of changes on the your infrastructure’s availability and response time.

What is AWS CloudTrail?

AWS CloudTrail is a web service that records your AWS application program interface (API) calls and delivers complex log files to you for audit and analysis. AWS Cloudtrail records the following API information:

- The identity of the API caller.
- The time of the API call.
- The source IP address of the API caller.
- The request parameters.
- The response elements returned by the AWS service.

With the Sumo Logic app for AWS CloudTrail, gain deep visual insights into your environment through interactive, customizable dashboards.

Log Analysis You Can Use

Delve deep into CloudTrail activity patterns for actionable insights. Monitor statistics like:

Administrator and user activity, isolatable by location to easily identify traffic from unauthorized regions.
Platform configuration changes like such as new virtual machines, ACL changes and more.
Account settings, usage and billing status for all your AWS services.
Monitor platform configuration changes such as new VM configurations, ACL changes etc.

With the Sumo Logic app for AWS CloudTrail, gain instant visual insights, track and correlate AWS CloudTrail data, and integrate it with other AWS services data for complete monitoring and security.

Ingest CloudTrail Data into Sumo Logic Using S3

Gathering your CloudTrail data in one place is extremely easy. Dumping your logs into an S3 bucket for simple collection by a cloud-native log analysis service such as Sumo Logic allows:

A scalable, elastic architecture that can grow with your business.
Comprehensive compliance certifications (PCI v3 Service Provider Level 1, SOC2 Type 2, HIPAA, Safe Harbor) to ensure the security you need.
Rich out-of-box integrations to key AWS services to enable fast time-to-value.
Ready to get more insight into your AWS CloudTrail logging activity? Sign up for your free Sumo Logic trial today!

ELK Stack Compatability

Logstash (along with Elasticsearch and Kibana) offers an opportunity to parse, search and visualize this information. This provides great insight when Logstash is up and running, but it needs to be setup and managed to provide valuable insights even when Logstash forwarders go down. In addition, managing this infrastructure can be a challenge at scale.

Sumo Logic provides native cloud-to-cloud collection directly from an S3 bucket for CloudTrail information. Since the collection is cloud-to-cloud, administrators are not relied upon to keep the logging infrastructure up and running. You can count on Sumo Logic for valuable insights through outages.