AWS CloudTrail App for Sumo Logic

AWS CloudTrail is a web service that records your AWS application program interface (API) calls and delivers complex log files to you for audit and analysis. AWS Cloudtrail records the following API information:

• • The identity of the API caller.
  • The time of the API call.
  • The source IP address of the API caller.
  • The request parameters.
  • The response elements returned by the AWS service.

With the Sumo Logic app for AWS CloudTrail, gain deep visual insights into your environment through interactive, customizable dashboards.

Delve deep into CloudTrail activity patterns for actionable insights. Monitor statistics like:

• Administrator and user activity, isolatable by location to easily identify traffic from unauthorized regions.
• Platform configuration changes like such as new virtual machines, ACL changes and more.
• Account settings, usage and billing status for all your AWS services.
• Monitor platform configuration changes such as new VM configurations, ACL changes etc.

With the Sumo Logic app for AWS CloudTrail, gain instant visual insights, track and correlate AWS CloudTrail data, and integrate it with other AWS services data for complete monitoring and security.

Gathering your CloudTrail data in one place is extremely easy. Dumping your logs into an S3 bucket for simple collection by a cloud-native log analysis service such as Sumo Logic allows:

• A scalable, elastic architecture that can grow with your business.
• Comprehensive compliance certifications (PCI v3 Service Provider Level 1, SOC2 Type 2, HIPAA, Safe Harbor) to ensure the security you need.
• Rich out-of-box integrations to key AWS services to enable fast time-to-value.
• Ready to get more insight into your AWS CloudTrail logging activity? Sign up for your free Sumo Logic trial today!

Logstash (along with Elasticsearch and Kibana) offers an opportunity to parse, search and visualize this information. This provides great insight when Logstash is up and running, but it needs to be setup and managed to provide valuable insights even when Logstash forwarders go down. In addition, managing this infrastructure can be a challenge at scale.

Sumo Logic provides native cloud-to-cloud collection directly from an S3 bucket for CloudTrail information. Since the collection is cloud-to-cloud, administrators are not relied upon to keep the logging infrastructure up and running. You can count on Sumo Logic for valuable insights through outages.

The Sumo Logic Cloudtrail dashboard for improving PCI compliance posture gives security engineers and analysts the ability to easily track Security Group Activity as well as all AWS activity in terms of both read-only events as well as non-read-only events. Critical events such as deleting of security groups can lead to actionable insights.