AWS CloudTrail Monitoring
AWS CloudTrail is an API call monitor that records the details of changes made to Elastic Compute Cloud (EC2) resources, including a timestamp, the IP address of the user, and the specific changes made. This makes it possible to keep track of what changes are being made and by whom, and serves as an important security feature. However, the raw API call logs can be overwhelming to dig through when trying to uncover suspicious activity. EiQ’s SOCVue Security Monitoring collects, correlates, and alerts on API-based activity from CloudTrail combined with other security data.
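
The fields described above (timestamp, user, source IP, and the change itself) can be pulled out of raw CloudTrail records and reduced to EC2 changes only, which is the first step in making the logs reviewable. This is an added example, not code from the original page or from EiQ's SOCVue; the sample records, account ID, user names and expected network range are constructed assumptions.

```python
import ipaddress
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
ALICE = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}
BOB = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:14:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "readOnly": True,
     "sourceIPAddress": "203.0.113.10", "userIdentity": ALICE},
    {"eventTime": "2024-05-01T09:15:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "readOnly": False,
     "sourceIPAddress": "198.51.100.7", "userIdentity": BOB},
    {"eventTime": "2024-05-01T09:20:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances",  # no readOnly flag: exercises the fallback
     "sourceIPAddress": "203.0.113.10", "userIdentity": ALICE},
    {"eventTime": "2024-05-01T09:21:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "readOnly": False,
     "sourceIPAddress": "198.51.100.7", "userIdentity": BOB},
]})

# Assumption: networks from which EC2 changes are expected (documentation range).
EXPECTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def is_expected_source(source):
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # sourceIPAddress may hold an AWS service name, not an IP
    return any(addr in net for net in EXPECTED_NETWORKS)


def ec2_changes(log_text):
    """Reduce a CloudTrail log file to EC2 changes: when, who, from where, what."""
    changes = []
    for rec in json.loads(log_text).get("Records", []):
        name = rec.get("eventName", "")
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        # Prefer the readOnly flag; fall back to the API name when it is absent.
        if rec.get("readOnly", name.startswith(("Describe", "Get", "List"))):
            continue
        source = rec.get("sourceIPAddress", "")
        changes.append({"time": rec.get("eventTime"), "action": name,
                        "who": rec.get("userIdentity", {}).get("arn", "unknown"),
                        "source": source,
                        "unexpected_source": not is_expected_source(source)})
    return changes
```

Entries with `unexpected_source` set are candidates for review rather than confirmed incidents; calls made by AWS services on a user's behalf also land there because their source is a service name.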