Questions tagged with AWS CloudTrail

AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

Content language: English

Select up to 5 tags to filter
Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Hi, Suddenly events stopped to sending logs to SIEM. All testing is passed in SIEM tool end, but logs are not receiving. Thanks.
0
answers
0
votes
70
views
Arun
asked 10 months ago
I currently have multiple AWS accounts under a single OU. I want to launch Control Tower in a NEW management account, and then register the existing OU to the Control Tower. What will happen to...
1
answers
0
votes
285
views
AWS
lovjim
asked 10 months ago
My organization is ingesting its CloudTrail logs into a Sentinel workspace. I recently updated our current LogTrail by adding S3 in the data events but when I performed some specific operations to...
1
answers
0
votes
357
views
Nov
asked 10 months ago
We are processing CloudTrail logs to check and highlight actions not protected by MFA. When someone signs in as Root all the events with `eventType` `AwsApiCall` have `sessionContext` populated. For...
0
answers
0
votes
79
views
roj
asked a year ago
Hello guy need help i am getting unauthorized API call is made alarm. i dont know what is the root cause. how to find this in cloudtrail?
1
answers
1
votes
1202
views
asked a year ago
Hello Team. I have implemented Control Tower, so I have management, audit, log archive and additional member accounts. This setup has activated in every account some services suchs as: AWS Config,...
0
answers
0
votes
126
views
Orlando
asked a year ago
I would like to monitor the volume of data sent externally from my AWS account. I'm looking for to retrieve logs that allow me to have the volume of data sent externally in real time. Who can help me...
1
answers
0
votes
420
views
LMA
asked a year ago
backgoround: querying cloudtrail logs via athena, however the database and table table is created using glue crawler but running into error **HIVE_UNSUPPORTED_FORMAT: Unable to create input format**
1
answers
0
votes
1055
views
ramsa
asked a year ago
According to the AWS documentation, "to collect CloudTrail management events in Security Lake, you must have at least one CloudTrail multi-Region organization trail that collects read and write...
2
answers
0
votes
389
views
Steven
asked a year ago
Hi community, as the title says I came across some events when I was searching for some events in my CloudTrail event history and today I learned that IAM events go us-east-1 by default. My aim was...
1
answers
0
votes
512
views
asked a year ago
Here's my setup. I have four accounts - a management account and three member accounts for security, dev, and production. In the process of setting up my organization I've configured organization and...
1
answers
0
votes
683
views
asked a year ago
Hi! I am trying to create a trail in Cloudtrail with the Cloudwatch, SNS topic, and an S3 bucket for the logs integration via the console in order to fulfill the PCI compliance results obtained by...
1
answers
1
votes
335
views
Lalo
asked a year ago