--- title: "Enhance your cloud security visibility with the updated AWS CloudTrail app" page_name: "Enhance your cloud security visibility with the updated AWS CloudTrail app" type: "blog" slug: "enhance-your-cloud-security-visibility-with-the-updated-aws-cloudtrail-app" published_at: "2025-07-16" modified_at: "2025-07-16" url: "https://www.sumologic.com/blog/enhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app" canonical: "https://www.sumologic.com/blog/enhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app" markdown_url: "https://www.sumologic.com/blog/enhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app.md" lang: "en" excerpt: "The AWS CloudTrail schema was updated on July 14, 2025. Learn what steps to take and how these changes can enhance your cloud security operations." taxonomy_blog_category: - "AWS" --- [ All blogs ](https://www.sumologic.com/blog "blog")[AWS](https://www.sumologic.com/blog/aws) # Enhance your cloud security visibility with the updated AWS CloudTrail app [Adam White](#blog-author-block-334) July 16, 2025 2 min read [AWS](https://www.sumologic.com/blog/aws) ##### Table of contents For organizations operating in the cloud, visibility is everything. You need a reliable source of truth to answer “who did what, when, and where,” whether you’re investigating a security incident, chasing compliance goals, or monitoring operational activity. Enter the [Sumo Logic CloudTrail App](https://www.sumologic.com/app-catalog/aws-cloudtrail), your go-to solution for transforming raw AWS CloudTrail logs into meaningful, actionable insights. With an important [CloudTrail schema update on July 14, 2025](https://help.sumologic.com/release-notes-service/2025/06/16/apps/), there’s no better time to make sure you’re getting maximum value from this powerful integration. ## What is the Sumo Logic CloudTrail app? [AWS CloudTrail](https://www.sumologic.com/blog/what-is-aws-cloudtrail) records every API call across your AWS infrastructure, spanning the console, SDKs, CLI, and even service-to-service activity. In their raw form, these logs can be dense and overwhelming. The CloudTrail App in Sumo Logic simplifies this complexity by: - Ingesting CloudTrail logs and enriching them with field extraction rules. - Surfacing insights through pre-built dashboards for login activity, access attempts, configuration changes, and more. - Flagging anomalies using detection rules tied to IAM activity, credential usage, and cross-region behavior. - Benchmarking your environment against peer activity using Global Intelligence for CloudTrail SecOps. The result? Real-time visibility and context-rich security monitoring that turns raw audit logs into high-confidence answers. ***Note**: These are Classic apps (V1), and reinstalling them will create a new folder in your Content Library with updated dashboards.* ## What changed in AWS CloudTrail on July 14, 2025? To better support the IAM Identity Center (formerly AWS SSO), AWS is restructuring how certain identity-related fields appear in CloudTrail logs. These changes improve clarity and consistency but also require updates to how the logs are parsed and visualized. ### Key schema changes | **Field** | **Current Location** | **New Location** | |---|---|---| | userName | userIdentity | additionalEventData | | principleID | userIdentity | Removed | | userID, identityStoreArn, credentialID | additionalEventData | userIdentity | Without updates to the parsing logic and dashboard queries, these changes will break visibility into user activity starting July 14. ## Steps to take due to the July 14, 2025 update To maintain continuity and ensure your dashboards, alerts, and queries remain accurate, Sumo Logic has released updated versions of the affected apps with support for the new schema. Just follow the steps below to get started. 1\. If you’re using any of the following apps, reinstall them from the App Catalog: - [Amazon CloudTrail – Cloud Security Monitoring & Analytics](https://help.sumologic.com/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail/) - [AWS CloudTrail](https://help.sumologic.com/docs/integrations/amazon-aws/cloudtrail/) - [CIS AWS Foundations Benchmark](https://help.sumologic.com/docs/integrations/amazon-aws/cis-aws-foundations-benchmark/) - [PCI Compliance for AWS CloudTrail](https://help.sumologic.com/docs/integrations/amazon-aws/cloudtrail-pci-compliance/) - [Threat Intel for AWS](https://help.sumologic.com/docs/integrations/amazon-aws/threat-intel/) - [Cloud Infrastructure Security for AWS](https://help.sumologic.com/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/) 2\. Review and update custom content: - Use the new schema paths to update any search queries, dashboard panels, scheduled reports, or alerts that reference `userName`, `principalId`, `userId`, etc. - Remove any logic dependent on `principalId`, which will no longer be available. 3\. Test and validate changes: - Run your updated dashboards side-by-side with current versions to verify alignment. - Confirm data continuity. **Note**: Cloud SIEM customers do **not** need to make changes—parser logic has already been updated by Sumo Logic behind the scenes. ## Why this matters This update is a great opportunity to enhance your cloud security and monitoring capabilities with richer insights. By updating your CloudTrail app, you can: - Modernize your AWS log ingestion strategy. - Leverage improved user identity fidelity from IAM Identity Center logs. - Stay fully aligned with AWS’s evolving event model. ## Final thoughts CloudTrail is a cornerstone of any observability or security strategy in AWS, and with this upcoming change, Sumo Logic customers have a clear path to stay ahead. By reinstalling the updated apps and adjusting custom logic, you’ll not only maintain visibility but enhance it, ensuring your teams have the context they need to move with confidence in the cloud. Curious to learn more about this update? Check out our [AWS CloudTrail Updates release notes](https://help.sumologic.com/release-notes-service/2025/06/16/apps/). Read the [AWS Security Blog to understand the ins and outs of this update, directly from AWS.](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail) ### Article Tags - [AWS](https://www.sumologic.com/blog/aws) Adam White Senior Director Technical Marketing Adam White is a seasoned leader in technical marketing and solutions engineering, specializing in go-to-market strategy, messaging, and enablement. With nearly two decades of experience, he has built and led high-performing teams, driven revenue growth, and shaped industry-leading programs across a variety of business functions. Adam is a husband and father of three teenagers. In his spare time, he’s a vintage electronics and hi-fi nerd (think vacuum tubes) and a collector of too many amplifiers, guitars, and effects pedals. [](https://www.sumologic.com/feed "RSS Feed")[](https://twitter.com/intent/tweet?text=Enhance%20your%20cloud%20security%20visibility%20with%20the%20updated%20AWS%20CloudTrail%20app&url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fenhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app "X")[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fenhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app "Facebook")[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.sumologic.com%2Fblog%2Fenhance-your-cloud-security-visibility-with-updated-aws-cloudtrail-app "Linkedin") [Previous blog Ten new and updated apps for securing and monitoring your environments](https://www.sumologic.com/blog/ten-new-sumo-logic-apps-securing-monitoring)[Next blog So you’re buying your first SIEM… here’s how not to suck at it](https://www.sumologic.com/blog/how-to-buy-your-first-siem) People who read this also enjoyed [ Eight best practices for a successful cloud migration strategy June 16, 2026 ](https://www.sumologic.com/blog/best-practices-for-cloud-migration-strategy)[ OCSF for Security Hub: Sumo Logic and AWS speaking the same language September 30, 2025 ](https://www.sumologic.com/blog/sumo-logic-aws-ocsf-security-hub)[ How to create and monitor an AWS Lambda function in Java 11 April 15, 2025 ](https://www.sumologic.com/blog/how-to-write-aws-lambda-function-in-java8)[ AWS ALB vs ELB: Which load balancer is right for you? March 18, 2025 ](https://www.sumologic.com/blog/aws-elb-alb) [AI Instructions](https://www.sumologic.com/ai-instructions.md)