Test XDR for Cloud - AWS CloudTrail integration in your AWS cloud environment.
Important
XDR for Cloud currently only supports AWS cloud accounts. Support for additional cloud
providers is coming soon.
Enabling XDR for Cloud - AWS CloudTrail requires allocating credits. For information
about estimating credit usage with XDR for Cloud, see Estimating and monitoring XDR for Cloud
usage.
XDR for Cloud - AWS CloudTrail integration allows Trend Vision One to access and monitor your AWS CloudTrail logs and automate response actions to detected
threats. The following steps provide a guide on how to test the feature within your
environment.
Procedure
- Sign in to the AWS account you want to use to test XDR for Cloud - AWS CloudTrail.
- Configure your CloudTrail settings. For full steps, see CloudTrail configuration.
- Add your AWS account to the Trend Vision One cloud accounts app. Follow the steps in Adding an AWS account using CloudFormation and enable the following features and permissions:
  - Core Features
  - XDR for Cloud - AWS CloudTrail
  - Cloud Response for AWS
  Note
  If you want to test integration with Control Tower, see Adding an AWS account with CloudTrail and Control Tower.
- After your account successfully connects, use the Search app to verify data is being sent. You can search for data using a General Search or the Cloud Activity Data Search method.
- Use one of the following demo models to trigger a Workbench alert.
  Important
  Make sure to use an IAM user in AWS when using a demo model to enable testing the Revoke Access Permission response task.
- Test response capabilities with the Revoke Access Permission task.
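A pre-check for the IAM-user requirement in the steps above, as an added example that is not part of the original page or of Trend Micro's tooling: it reads a CloudTrail log file and groups events by `userIdentity.type`, so you can confirm the test activity was performed by an IAM user rather than a role session or the root account. The sample records, the account ID, and the user name `xdr-test-user` are constructed placeholders.

```python
import gzip
import json
from collections import defaultdict

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, user names and ARNs are placeholders, not values from the page.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "CreateAccessKey", "eventSource": "iam.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "xdr-test-user",
                      "arn": "arn:aws:iam::111122223333:user/xdr-test-user"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/alice"}},
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventName": "DescribeTrails", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "xdr-test-user",
                      "arn": "arn:aws:iam::111122223333:user/xdr-test-user"}},
]})


def load_records(blob):
    """Accept a CloudTrail log file as str, bytes, or gzip-compressed bytes."""
    if isinstance(blob, bytes):
        if blob[:2] == b"\x1f\x8b":  # gzip magic; S3-delivered logs are .json.gz
            blob = gzip.decompress(blob)
        blob = blob.decode("utf-8")
    return json.loads(blob).get("Records", [])


def events_by_principal(blob):
    """Group event names by (userIdentity.type, principal label)."""
    grouped = defaultdict(list)
    for rec in load_records(blob):
        ident = rec.get("userIdentity") or {}
        ptype = ident.get("type", "Unknown")
        label = ident.get("userName") or ident.get("arn") or ident.get("principalId", "?")
        grouped[(ptype, label)].append(rec.get("eventName", "?"))
    return dict(grouped)


def non_iam_user_events(blob):
    """Events whose actor is not an IAM user (the procedure asks for an IAM user)."""
    return {k: v for k, v in events_by_principal(blob).items() if k[0] != "IAMUser"}


if __name__ == "__main__":
    for (ptype, label), names in events_by_principal(SAMPLE_LOG).items():
        print(f"{ptype:<12} {label}: {', '.join(names)}")
```

An empty result from `non_iam_user_events` on the log file covering your test window means every recorded action came from an IAM user.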