AWS CloudTrail was integrated by Mindflow to enable users to automate their incident management and better protect their information system.
AWS CloudTrail Overview
AWS CloudTrail is a service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
Visibility into your AWS account activity is key to security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure.
You’re able to identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. Optionally, you can enable AWS CloudTrail Insights on a trail to help you identify and respond to unusual activity.
An event in CloudTrail is the record of activity in an AWS account: an action taken by a user, role, or service that CloudTrail can monitor. CloudTrail events provide a history of API and non-API account activity made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
Three types of events can be logged in AWS CloudTrail: management events, data events, and CloudTrail Insights events.
Management events provide information about management operations that are performed on resources in your AWS account.
Data events provide information about the resource operations performed on or in a resource. These are also known as data plane operations. Data events are often high-volume activities.
CloudTrail Insights events capture unusual API call rate or error rate activity in your AWS account. Insights events are logged to a different folder or prefix in the destination S3 bucket for your trail. You can also see the type of insight and the incident time period. Insights events provide relevant information, such as the associated API, error code, incident time, and statistics, that helps you understand and act on unusual activity.
CloudTrail event history provides a viewable, searchable, and downloadable record of the past 90 days of CloudTrail events.
A trail is a configuration that enables the delivery of CloudTrail events to an Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events. You can use a trail to filter the CloudTrail events you want to be delivered, encrypt your CloudTrail event log files with an AWS KMS key, and set up Amazon SNS notifications for log file delivery.
An organization trail is a configuration that enables delivery of CloudTrail events in the management account and all member accounts in an AWS Organizations organization to the same Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events. Creating an organization trail helps you define your organization’s uniform event logging strategy.

Benefits
Create a trail for an ongoing record of events in your AWS account, delivered as log files to an Amazon S3 bucket that you specify. Without such a trail, CloudTrail isn’t a permanent record, and it does not provide information about all possible types of events.
To help manage your CloudTrail data, create one trail that logs management events in all AWS Regions, and then additional trails logging specific event types for resources.
Apply trails to all AWS Regions to obtain a complete record of events taken by a user, role, or service in your AWS account.
Enable CloudTrail log file integrity, which is especially valuable in security and forensic investigations. It lets you know if a log file has been deleted or changed, or positively asserts that no log files were delivered to your account during a given period of time.
Integrate with Amazon CloudWatch Logs to monitor and receive alerts for specific events captured by AWS CloudTrail.
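
The recommendations above can be checked against the trails an account already has. The following Python script is an added example, not Mindflow or AWS code: it audits JSON shaped like the output of `aws cloudtrail describe-trails`. The sample trails, bucket names, ARNs and the check identifiers are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws cloudtrail describe-trails` output
# (trail names, bucket names and ARNs are made up for this example).
SAMPLE = json.loads("""
{"trailList": [
  {"Name": "org-baseline", "S3BucketName": "example-trail-logs",
   "IsMultiRegionTrail": true, "LogFileValidationEnabled": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE",
   "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111122223333:log-group:trail:*"},
  {"Name": "legacy-single-region", "S3BucketName": "example-old-logs",
   "IsMultiRegionTrail": false, "LogFileValidationEnabled": false}
]}
""")

# (check id, finding text, predicate that is True when the trail passes)
CHECKS = [
    ("multi-region", "trail does not apply to all AWS Regions",
     lambda t: t.get("IsMultiRegionTrail") is True),
    ("integrity", "log file integrity validation is disabled",
     lambda t: t.get("LogFileValidationEnabled") is True),
    ("cloudwatch", "no CloudWatch Logs integration for alerting",
     lambda t: bool(t.get("CloudWatchLogsLogGroupArn"))),
    ("kms", "log files are not encrypted with an AWS KMS key",
     lambda t: bool(t.get("KmsKeyId"))),
]

def audit_trails(described):
    """Return {trail name: [failed check ids]} plus account-level findings."""
    trails = described.get("trailList", [])
    findings = {t.get("Name", "<unnamed>"): [cid for cid, _, ok in CHECKS if not ok(t)]
                for t in trails}
    # With no trail at all, only the 90-day event history exists.
    if not trails:
        findings["<account>"] = ["no-trail"]
    elif not any(t.get("IsMultiRegionTrail") for t in trails):
        findings["<account>"] = ["no-all-region-trail"]
    return findings

if __name__ == "__main__":
    text = {cid: msg for cid, msg, _ in CHECKS}
    for name, failed in audit_trails(SAMPLE).items():
        for cid in failed:
            print(f"{name}: {text.get(cid, cid)}")
        if not failed:
            print(f"{name}: OK")
```

To audit a real account, replace `SAMPLE` with the parsed output of `aws cloudtrail describe-trails`.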