AWS Intrusion Detection System
This how-to guide takes you from zero security coverage to a full-blown IDS that can detect anomalous activity within your AWS account.
Follow the Query your CloudTrail logs guide to make your CloudTrail logs accessible to RunReveal.
Your CloudTrail logs source will automatically be connected to the triggers from the CloudTrail trigger pack.
You can quickly connect your Slack notification to each of your triggers using this command.
Note: this will add the Slack notification to ALL of your triggers. This is probably intended if you're just getting started, but if you've written custom triggers you may unintentionally make connections you didn't expect.
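# Assumes `runreveal triggers list` prints a JSON array of trigger objects, each with an "id" field.
for i in $(runreveal triggers list | jq -r '.[].id'); do
  # Attach the notification named "slack" to this trigger.
  runreveal triggers update --notif-name slack "$i"
done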
You should now be receiving alerts in your Slack channel!
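The note above warns that the loop attaches Slack to every trigger, custom ones included. As an added example (not RunReveal's own code), this shell function prints the update commands instead of running them, skips any trigger ids passed as arguments, and refuses ids outside an assumed character set so the plan can be reviewed first. The function names, the sample ids and the allowed id characters are assumptions.

```shell
#!/bin/sh
# Added example, not RunReveal code. Prints the update commands instead of
# running them, so the list can be reviewed before anything is changed.
# Usage: runreveal triggers list | jq -r '.[].id' | plan_slack_updates [id-to-skip ...]
plan_slack_updates() {
    while IFS= read -r id || [ -n "$id" ]; do
        case "$id" in
            # jq -r prints "null" when an object has no id; skip it and blank lines.
            ''|null) continue ;;
            # Assumption: ids use only letters, digits, '-' and '_' and do not
            # start with '-'. Anything else is refused so the plan is safe to run.
            -*|*[!A-Za-z0-9_-]*)
                printf 'skipping unexpected id: %s\n' "$id" >&2
                continue ;;
        esac
        skip=0
        for excluded in "$@"; do
            if [ "$id" = "$excluded" ]; then skip=1; fi
        done
        if [ "$skip" -eq 0 ]; then
            printf 'runreveal triggers update --notif-name slack %s\n' "$id"
        fi
    done
    return 0
}

# Constructed sample ids standing in for the output of:
#   runreveal triggers list | jq -r '.[].id'
sample_ids() {
    printf '%s\n' 'trig-aaa111' 'null' 'my-custom-trigger' 'trig-bbb222'
}

# Prints two commands; my-custom-trigger (a hypothetical id) is left untouched.
sample_ids | plan_slack_updates my-custom-trigger
```

Redirect the output to a file, read it, and run it with `sh` once the list matches what you intend to connect.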