AWS CloudTrail Monitoring

The Challenge

AWS CloudTrail is an API call monitor that records the details of changes made to Elastic Compute Cloud (EC2) resources, including a timestamp, the IP address of the user making the call, and the specific change being made. This is useful for keeping track of what changes are being made and by whom, and it serves as an important security feature. However, these raw API call logs can be overwhelming to dig through when trying to uncover suspicious activity. EiQ’s SOCVue Security Monitoring provides collection, correlation, and alerting for API-based activity from CloudTrail combined with other security data.

Why Does CloudTrail Monitoring Matter?

EC2 instances can host massive quantities of data and applications that may be targeted by cyber attackers. AWS CloudTrail provides records of the API calls made against EC2, supplying the raw information needed for analysis and audit. Using CloudTrail data in combination with other security information and event data allows organizations to monitor the virtual infrastructure for suspicious changes or activity.

How Does EiQ Help?

SOCVue Security Monitoring has introduced support for AWS CloudTrail in cloud-based deployments. SOCVue is now able to integrate data provided by CloudTrail into our log management and SIEM technology, to correlate and alert on the data. The CloudTrail API details provide a new level of monitoring of the actual API calls being made, beyond the simple log data the nodes themselves might report. EiQ’s 24/7/365 SOC team will monitor for any anomalous activity and provide alerts with remediation guidance should any be discovered. The data may also be included in reporting for compliance audits or executive review.

"We can now see our network activity as a whole with 24x7 eyes and ears notifying us when there is an alert. We also now have a dedicated pool of analysts and engineers from EiQ who are familiar with us and our environment to quickly advise and assist in the case of an emergency."
Jeremy Mio, Security and Research Manager, County of Cuyahoga