Questions tagged with AWS CloudTrail
AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
233 results
Hi AWS, I have a GitHub self-hosted runner installed (Windows) installed on Amazon EC2. I have noticed that the runner is `Offline` and when I login into the server I figured out that somebody has...
Hello,
I have currently setup cloudtrail logs to be query able in athena, however my create table looks something like
```
CREATE EXTERNAL TABLE cloudtrail(
eventVersion STRING,
userIdentity...
I have a log group and the Timestamp of the log shows today's date, but when I look at the eventTime field in the object described in the log I can see it was actually a few months ago, any one know...
Hi All, I have created a cloudtrail log to read any s3 dataevent. I see in s3 location, logs have started building. But when I try to query this data in S3 , it's failing with error ...
Hello,
I have been receiving a high cost from GuardDuty every day for some time, when I analyzed it further I saw that this cost is related to the analysis of CloudTrail events by GuardDuty, and I...
Hi,
I have CloudTrail enabled on our AWS system, and I only enabled the Management event. Is there a way to not log events on Data Lifecycle Manager since it’s giving a bulk data event?
We have an alarm setup for CloudTrailAuthorizationFailures which is one of the metric filters in the CloudTrail/DefaultLogGroup. We have a retention on this log group for 12 months however when...
Hi,
Suddenly events stopped to sending logs to SIEM. All testing is passed in SIEM tool end, but logs are not receiving.
Thanks.
I currently have multiple AWS accounts under a single OU. I want to launch Control Tower in a NEW management account, and then register the existing OU to the Control Tower. What will happen to...
My organization is ingesting its CloudTrail logs into a Sentinel workspace. I recently updated our current LogTrail by adding S3 in the data events but when I performed some specific operations to...
We are processing CloudTrail logs to check and highlight actions not protected by MFA.
When someone signs in as Root all the events with `eventType` `AwsApiCall` have `sessionContext` populated. For...
Hello guy need help
i am getting unauthorized API call is made alarm. i dont know what is the root cause.
how to find this in cloudtrail?