Test the AWS CloudTrail integration for XDR for Cloud

Procedure

1. Sign in to the AWS account you want to use to test Cloud Detections for AWS CloudTrail.
2. Use XDR Data Explorer to verify CloudTrail log data is being sent to Trend Vision One.
3. Use one of the following demo models to trigger a Workbench alert.

   Important Make sure to use an IAM user in AWS when using a demo model to enable testing the Revoke Access Permission response task.

   • Demo: Model - AWS Bedrock Successful Guardrail Deletion Detected
   • Demo: Model - AWS Bedrock Model Invocation Logs Successful Deletion Detected
   • Demo: Model - AWS IAM Login MFA Deactivated for a User
   • Demo: Model - AWS EC2 EBS Snapshot Shared Publicly or to an External Account
   • Demo: Model - AWS IAM Administrator Access Policy Attached to a Role
4. Test response capabilities with the Revoke Access Permission task.