Comment on page
We can provide you with a variety of AWS related detections and investigation tools out of the box. The CloudTrail SIEM can:
- 1.Ingest and index logs for search.
- 2.Understand how your AWS environment is being used.
- 3.Generate least privilege AWS access policies.
We consume your CloudTrail logs by receiving them in our S3 bucket.
First, let us know we'll be receiving your CloudTrail logs by telling us which AWS accounts you'll be sending CloudTrail logs from using the following command:
$ runreveal sources cloudtrail add -a 012345678901,012345678902
Next, there's only 1 step in the AWS Console, and then you're setup! 🎉 Incredible right? Imagine what you could do with all the additional time you have now. Maybe start a new hobby?
The following change can also be made with Terraform, Pulumi, or other configuration management tools.
- Give your trail a name.
runrevealas a name works great!
Use Existing S3 Bucketand set
runrevealas the trail log bucket name.
- Disable SSE-KMS encryption. This is *required* for the simple setup. Encryption is something we can support at the enterprise tier.
We also support consuming CloudTrail logs using the S3 SNS notification delivery log.
First, run this command passing in the name of the bucket containing your CloudTrail logs:
$ runreveal sources cloudtrail add -b YOUR_BUCKET_NAME