Mindflow and AWS CloudTrail have partnered to enable users to automate their incident management and better protect their information systems.
AWS CloudTrail is a service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
Visibility into your AWS account activity is a key aspect of security and operational best practices. You can use CloudTrail to view, search, download, archive, analyze, and respond to account activity across your AWS infrastructure.
You’re able to identify who or what took which action, what resources were acted upon, when the event occurred, and other details to help you analyze and respond to activity in your AWS account. Optionally, you can enable AWS CloudTrail Insights on a trail to help you identify and respond to unusual activity.
An event in CloudTrail is the record of activity in an AWS account: an action taken by a user, role, or service that is monitorable by CloudTrail. CloudTrail events provide a history of both API and non-API account activity made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
There are three types of events that can be logged in CloudTrail: management events, data events, and CloudTrail Insights events.
Management events provide information about management operations that are performed on resources in your AWS account.
Data events provide information about the resource operations performed on or in a resource. These are also known as data plane operations. Data events are often high-volume activities.
CloudTrail Insights events capture unusual API call rate or error rate activity in your AWS account. Insights events are logged to a different folder or prefix in the destination S3 bucket for your trail. You can also see the type of insight and the incident time period. Insights events provide relevant information, such as the associated API, error code, incident time, and statistics, that helps you understand and act on unusual activity.
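The three event types above can be told apart in a delivered log file by each record's `eventCategory` field. The following is an added example, not code from Mindflow or AWS: it reduces each record to who, what, when and which resources, then pulls out the mutating management events. The sample records are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample (not real account data), shaped like the "Records"
# array of a CloudTrail log file.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventCategory": "Management",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "readOnly": False,
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-01T10:01:00Z", "eventCategory": "Data",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "readOnly": True,
     "userIdentity": {"type": "AWSService", "invokedBy": "backup.amazonaws.com"},
     "resources": [{"type": "AWS::S3::Object",
                    "ARN": "arn:aws:s3:::example-bucket/report.csv"}]},
    {"eventTime": "2024-01-01T10:05:00Z", "eventCategory": "Insight",
     "eventType": "AwsCloudTrailInsight",
     "insightDetails": {"state": "Start", "insightType": "ApiCallRateInsight",
                        "eventSource": "ec2.amazonaws.com",
                        "eventName": "RunInstances"}},
]})

def summarize(record):
    """Reduce one record to who / what / when / which resources."""
    ident = record.get("userIdentity") or {}      # absent on Insights events
    insight = record.get("insightDetails") or {}  # present only on Insights events
    source = record.get("eventSource") or insight.get("eventSource", "?")
    name = record.get("eventName") or insight.get("eventName", "?")
    return {
        "category": record.get("eventCategory", "Unknown"),
        "when": record.get("eventTime"),
        "who": ident.get("arn") or ident.get("invokedBy") or ident.get("type"),
        "action": f"{source}:{name}",
        "resources": [r["ARN"] for r in record.get("resources", []) if "ARN" in r],
        "read_only": record.get("readOnly"),
    }

def triage(log_text):
    """Group summaries by event category (Management, Data, Insight)."""
    groups = {}
    for record in json.loads(log_text).get("Records", []):
        category = record.get("eventCategory", "Unknown")
        groups.setdefault(category, []).append(summarize(record))
    return groups

def management_writes(log_text):
    """Mutating management events: the control-plane changes to review first."""
    events = triage(log_text).get("Management", [])
    return [e for e in events if e["read_only"] is False]
```

Insights records carry no `userIdentity`, so their `who` is `None`; the API they refer to comes from `insightDetails`.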
CloudTrail event history provides a viewable, searchable, and downloadable record of the past 90 days of CloudTrail events.
A trail is a configuration that enables delivery of CloudTrail events to an Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events. You can use a trail to filter the CloudTrail events you want delivered, encrypt your CloudTrail event log files with an AWS KMS key, and set up Amazon SNS notifications for log file delivery.
An organization trail is a configuration that enables delivery of CloudTrail events in the management account and all member accounts in an AWS Organizations organization to the same Amazon S3 bucket, CloudWatch Logs, and CloudWatch Events. Creating an organization trail helps you define a uniform event logging strategy for your organization.
Features and Benefits