AWS CloudTrail

Chronicle supports the ingestion of AWS CloudTrail logs via an S3 bucket.

Chronicle Data Types

  • AWS_CLOUDTRAIL

Configuration

  1. Create a new S3 bucket to store the CloudTrail logs. If you already have an S3 bucket set up, you can use the existing bucket.
  2. Follow this AWS Guide on how to set up CloudTrail logging to your S3 bucket.
  3. Once CloudTrail is running and logs are confirmed to be flowing into your S3 bucket, follow the AWS S3 Bucket guide on how to create an IAM user for CYDERES that can access this S3 bucket.
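
The check below is an added example, not part of the Chronicle or CYDERES documentation: it audits, offline, whether an IAM policy intended for the ingestion user from step 3 grants only read access to the CloudTrail bucket. The bucket name, the sample policies and the set of allowed actions are assumptions; the linked S3 guide defines the permissions actually required.

```python
BUCKET = "example-cloudtrail-logs"  # placeholder bucket name, not from the page

# Assumption: read-only S3 actions for log ingestion; confirm against the S3 guide.
READ_ONLY_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:getbucketlocation"}

def _as_list(value):
    # IAM accepts either a single value or a list for Statement/Action/Resource.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return findings for Allow statements broader than read access to `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: grants by exclusion (NotAction/NotResource)")
            continue
        for action in _as_list(stmt.get("Action", [])):
            # Wildcards such as s3:* or s3:Get* are flagged: they can expand past read-only.
            if action.lower() not in READ_ONLY_ACTIONS:
                findings.append(f"statement {i}: action {action!r} is not in the read-only set")
        for res in _as_list(stmt.get("Resource", [])):
            # Accept only the bucket itself or keys under it; "bucket*" matches other buckets.
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {i}: resource {res!r} is outside the bucket")
    return findings

# Constructed sample policies.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
}]}
BROAD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*", "Resource": "*",
}]}

if __name__ == "__main__":
    for name, policy in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        findings = audit_policy(policy, BUCKET)
        print(name, "OK" if not findings else findings)
```
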