AWS Log Management using CloudTrail | AlienVault

AWS Log Management for CloudTrail

AlienVault USM Anywhere is the
Complete AWS Log Management
and Threat Detection Solution



An AWS-native Solution to Monitor, Correlate and Analyze Events from the Data in Your CloudTrail Logs

Monitoring activity in your Amazon Web Services (AWS) environment is essential to maintaining the security of your applications and ensuring regulatory compliance. Amazon provides several important tools to assist you, including CloudTrail.

AWS CloudTrail is a logging service that records the API calls made in your AWS account: management (control-plane) events by default, plus S3 and Lambda data events if you enable them. Each record captures who made the call, when, from which IP address and region, and with what parameters, which lets you track changes to your AWS resources, conduct security analysis, and troubleshoot operational issues. On its own, however, CloudTrail is incomplete as a security tool: it records events but does not correlate them across time or sources, and it does not analyze them for malicious patterns.

AlienVault® Unified Security Management (USM) Anywhere™, with its native AWS sensor, addresses this limitation in CloudTrail and delivers critical event correlation and log management capabilities. USM Anywhere enables you to detect malicious activity against your AWS account and the resources it runs using the AWS CloudTrail logs; keep in mind that CloudTrail records account-level API activity, not what happens inside an instance's operating system, so host-level monitoring is still needed for that layer. It also helps you meet regulatory requirements such as PCI DSS.

AlienVault USM Anywhere allows you to monitor AWS CloudTrail and secure your AWS environment with these critical features:

Automated CloudTrail Log Management and Event Correlation

  • Automates alerting and event correlation from CloudTrail events
  • Arranges security events in prioritized kill chain taxonomy
  • Detects behavioral changes including suspicious instance creation and security group changes

Complete Log Management for Compliance

  • Meet the logging, monitoring, and retention requirements of PCI DSS, FISMA, FedRAMP, ISO 27001, NERC CIP, or GLBA
  • Secure collection and retention of both raw and normalized log data

Integrated Threat Intelligence Updates

  • Regular threat intelligence updates accelerate your ability to spot the latest exploits
  • Pre-built, customizable correlation directives eliminate the need for you to create your own
  • Focus on responding to threats rather than researching every alert

Automated CloudTrail Log Management and Event Correlation

To maintain the security of your applications running in AWS, you need to monitor account activity continuously, identify changes, and correlate related events. CloudTrail supplies the raw record of that activity, but it does not correlate events or analyze them for threats on its own.

AlienVault USM Anywhere automatically monitors, correlates and analyzes events from CloudTrail to detect security threats across the systems and applications you have running in AWS. With its purpose-built sensor for AWS, USM Anywhere detects your use of CloudTrail and retrieves your logs across all regions. For that coverage to be real, the trail must be configured as a multi-region trail (or a trail must exist in every region you use) and the sensor's IAM role must be allowed to read the S3 bucket the trail delivers to; API activity in a region with no trail is never written to S3 and so cannot be collected.

AlienVault USM Anywhere also correlates events from the CloudTrail logs to detect suspicious behavioral changes or other malicious activity in your AWS account, including security group changes, suspicious instance launches, and changes to CloudTrail itself. USM Anywhere brings all of the monitoring and security event management capabilities you need together in a centralized dashboard.
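The kind of correlation the feature list above and this section describe (security group changes, instance creation in an unexpected place, tampering with the trail, and repeated login failures followed by a success) can be illustrated on raw CloudTrail records. The following is an added example written for this page, not AlienVault's correlation engine or AWS code. The field names follow the CloudTrail record schema; the records, account ID, IP addresses, security group ID, trail name, and the "known regions" baseline are all constructed assumptions.

```python
"""Correlate CloudTrail records into security alerts.

Added example, not AlienVault or AWS code. Field names (eventTime, eventName,
eventSource, awsRegion, sourceIPAddress, userIdentity, requestParameters,
responseElements) follow the CloudTrail record schema; all sample data,
IDs, addresses and the region baseline below are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

KNOWN_REGIONS = {"us-east-1", "us-west-2"}   # assumed baseline for this account
FAILED_LOGIN_THRESHOLD = 3                   # tunable: failures per source IP
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
AUDIT_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _rec(time, name, source, ip, region="us-east-1", **extra):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "sourceIPAddress": ip, "awsRegion": region,
           "userIdentity": {"type": "IAMUser", "userName": "alice",
                            "arn": "arn:aws:iam::123456789012:user/alice"}}
    rec.update(extra)
    return rec


# Three console login failures from one address, one minute apart (constructed).
_FAILURES = [_rec(f"2024-05-01T10:0{i}:00Z", "ConsoleLogin", "signin.amazonaws.com",
                  "198.51.100.7", responseElements={"ConsoleLogin": "Failure"})
             for i in range(3)]

# Constructed log file body. CloudTrail delivers a JSON object with a top-level
# "Records" array (gzip-compressed in S3; decompression is omitted here).
SAMPLE_LOG = json.dumps({"Records": [
    *_FAILURES,
    _rec("2024-05-01T10:03:00Z", "ConsoleLogin", "signin.amazonaws.com", "198.51.100.7",
         responseElements={"ConsoleLogin": "Success"}),
    _rec("2024-05-01T10:05:00Z", "AuthorizeSecurityGroupIngress", "ec2.amazonaws.com",
         "198.51.100.7", requestParameters={"groupId": "sg-0123456789abcdef0",
         "ipPermissions": {"items": [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                      "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
    _rec("2024-05-01T10:06:00Z", "RunInstances", "ec2.amazonaws.com", "198.51.100.7",
         region="ap-southeast-1"),
    _rec("2024-05-01T10:07:00Z", "StopLogging", "cloudtrail.amazonaws.com", "198.51.100.7",
         requestParameters={"name": "management-events"}),
    _rec("2024-05-01T10:08:00Z", "DescribeInstances", "ec2.amazonaws.com", "203.0.113.9"),
]})


def load_records(log_text):
    """Parse one CloudTrail log file body into its list of records."""
    return json.loads(log_text)["Records"]


def _ts(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(rec):
    ident = rec.get("userIdentity") or {}
    return ident.get("arn") or ident.get("userName") or "unknown"


def _world_open_rules(params):
    """Yield (protocol, fromPort, toPort) for ingress rules open to 0.0.0.0/0 or ::/0."""
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        ranges = ((perm.get("ipRanges") or {}).get("items", [])
                  + (perm.get("ipv6Ranges") or {}).get("items", []))
        if any(r.get("cidrIp") == "0.0.0.0/0" or r.get("cidrIpv6") == "::/0" for r in ranges):
            yield perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")


def analyze(records):
    """Return (severity, message) alerts. Records are processed in time order so
    later events can be correlated with earlier ones from the same source IP."""
    alerts = []
    failed_logins = defaultdict(list)   # source IP -> timestamps of recent failures
    suspect_ips = set()                 # IPs that crossed the failure threshold
    for rec in sorted(records, key=_ts):
        name, source, ip = rec["eventName"], rec["eventSource"], rec.get("sourceIPAddress")
        who, when = _actor(rec), _ts(rec)
        # requestParameters/responseElements are null in real records for some calls.
        params = rec.get("requestParameters") or {}
        response = rec.get("responseElements") or {}
        # Single-event rules: world-open security group, audit tampering, unusual region.
        if name == "AuthorizeSecurityGroupIngress":
            for proto, lo, hi in _world_open_rules(params):
                alerts.append(("high", f"{who} opened {proto} {lo}-{hi} to the world on {params.get('groupId')}"))
        if source == "cloudtrail.amazonaws.com" and name in AUDIT_TAMPER_EVENTS:
            alerts.append(("critical", f"{who} called {name}: CloudTrail logging weakened or stopped"))
        if name == "RunInstances" and rec["awsRegion"] not in KNOWN_REGIONS:
            alerts.append(("medium", f"{who} launched instances in unused region {rec['awsRegion']}"))
        # Correlation rule: repeated login failures, then a success, from one IP.
        if name == "ConsoleLogin":
            if response.get("ConsoleLogin") == "Failure":
                recent = [t for t in failed_logins[ip] if when - t <= FAILED_LOGIN_WINDOW] + [when]
                failed_logins[ip] = recent
                if len(recent) == FAILED_LOGIN_THRESHOLD:   # alert once, on crossing the threshold
                    suspect_ips.add(ip)
                    alerts.append(("medium", f"{len(recent)} failed console logins from {ip} within {FAILED_LOGIN_WINDOW}"))
            elif ip in suspect_ips:
                alerts.append(("high", f"successful console login from {ip} after repeated failures"))
    return alerts


if __name__ == "__main__":
    for severity, message in analyze(load_records(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

The single-event rules fire on one record each; the login rule is the correlation CloudTrail cannot do by itself, because it needs state carried across records sorted by time. On the constructed sample the harmless DescribeInstances call produces nothing, while the other records yield five alerts in time order. Real log files are gzip-compressed and a production version would also need to merge files from every region and handle null requestParameters, which the helper already tolerates.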

Complete Log Management for Compliance

Monitoring your AWS environment is also critical for meeting regulatory requirements. Although CloudTrail can effectively feed data into log management platforms, simply turning CloudTrail on does not by itself satisfy those requirements. You need to integrate CloudTrail with a comprehensive security tool that provides secure collection and retention of both raw and normalized log data.

AlienVault USM Anywhere with its AWS-native sensor delivers this comprehensive AWS log management and log analysis capability to help you meet regulatory requirements such as PCI DSS, FedRAMP, and Sarbanes-Oxley. Whatever platform retains the logs, enable CloudTrail log file validation on the trail so that the digest files CloudTrail writes alongside the logs can later prove the raw records were not modified or deleted, and restrict write and delete access to the delivery bucket. Although specific requirements for monitoring and security event management vary from one standard to the next, USM Anywhere can help you quickly meet them in your AWS environment with all the essential security capabilities you need in a single console.


Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for emerging attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™), the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborates and shares millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.


Secure Your AWS Environment

USM Anywhere provides complete cloud security management for your AWS environments. It includes all of the essential capabilities for monitoring cloud security and quickly identifying malicious or suspicious activity in your AWS cloud infrastructure.
