Learn how Trend Vision One™ ingests AWS CloudTrail logs to detect threats and attacks, provide response actions, and generate a visual representation of the logs.
When connecting or updating an AWS account in Cloud Accounts, you can enable the Cloud
Detections for AWS CloudTrail feature to gain insight into possible attack vectors,
suspicious activity, and security breaches.
Trend Vision One™ ingests AWS CloudTrail logs and analyzes the logs for suspicious or malicious traffic
activity. You can view the results in the following
Trend Vision One™ apps:
- Workbench: The Workbench app provides insight into high-priority correlated alerts, which you can investigate to understand the scope of the issue, get a list of highlighted events, and view and act upon each alert.

  Tip
  To view a list of Workbench insights for AWS CloudTrail, use the Data source/processor filter to display all Cloud Detections for AWS CloudTrail insights. For more information, see Workbench.
- Observed Attack Techniques: View AWS CloudTrail log events detected in your AWS environment and drill down into an event to view details.

  Tip
  To view a list of events generated by AWS CloudTrail, use the Data source/processor filter to display all Cloud Detections for AWS CloudTrail events. For more information, see Observed Attack Techniques.
- : Use search queries to view AWS CloudTrail logs and events.
To set up Cloud Detections for AWS CloudTrail, do the following:
- Estimate your XDR for Cloud credit usage and allocate credits by clicking XDR Credit Usage in .
- Enable Cloud Detections for AWS CloudTrail when connecting or updating an AWS account.
