Security - Capturing and analyzing logs Flashcards

1
Q

CloudTrail - Characteristics

A
  • Enables governance, compliance, and operational and risk auditing of AWS accounts
  • Tracks the actions that an IAM principal performs on AWS resources and services
  • Through Event history you can review the events that occurred in the last 90 days
  • Stores log files in a designated S3 bucket, encrypted by default with SSE-S3
  • CloudTrail Log Monitoring monitors log files by delivering them to CloudWatch Logs. It validates the integrity of the logs since the last time they were sent to CloudWatch
2
Q

CloudTrail - Event types

A
  • Management events: provide information about management operations performed on resources in your AWS account. Also known as control plane operations
  • Data events: provide information about resource operations performed on or within a resource. Also known as data plane operations. They are often high-volume activities and are not logged by default when you create a trail
  • CloudTrail Insights: captures unusual API call rate or error rate activity in your AWS account
3
Q

CloudTrail - Trail types

A
  • A trail for all regions: CloudTrail records events in every region. When AWS adds a new region, it is included in the trail automatically
  • A trail for one region: CloudTrail records events in that region only
4
Q

CloudTrail - Integration with other services

A
  • A trail can deliver CloudTrail events to S3. It can also monitor API calls via CloudWatch Logs (non-AWS APIs) and CloudWatch Events (AWS APIs), and store that information in an S3 bucket
  • CloudTrail and CloudWatch Logs:
      • You can configure SNS notifications for the account activity captured by CloudTrail (e.g., create CloudWatch alarms to notify users about API calls that modify Security Groups and NACLs)
      • CloudWatch Logs provides a UI to view and search logs
  • CloudTrail and Athena: enhances the analysis of AWS service activity (e.g., run queries to identify trends and further isolate activity by source IP address or user)
  • CloudTrail and Config: captures all API calls made by AWS Config