Cloud Trail
Cloud Trail enables you to fetch and analyze AWS Cloud Trail logs from the Amazon S3 (Simple Storage Service) buckets. Buckets are Amazon S3’s storage units that you can create and access using your AWS account. Cloud Trial can fetch logs from either Amazon S3’s buckets or from a bucket of a third-party service that is using Amazon S3’s storage.
CloudTrail for Logpoint
CloudTrail for Director Console UI
CloudTrail for Director Console API
Package Detail
CloudTrail components:
- Fetcher
- CloudTrailLogFetcher
- Compiled Normalizer
- CloudTrailCompiledNormalizer
- Report Package
- LP_CloudTrail
- Dashboard
- LP_CloudTrail
- Parser
- CloudTrailLogParser
- Alert Packages
-
LP_Console Sign In Without MFA
-
LP_Amazon EC2 Instance Changes
-
LP_CloudTrail Root Credentials Used
-
LP_CloudTrail Changes
-
LP_CloudTrail API Without MFA
-
LP_AWSCloudTrail Amazon S3 Bucket Activity
-
LP_Amazon Virtual Private Cloud Changes
-
LP_AWSCloudTrail Failed Login
-
LP_CloudTrail Authorization Failures=
-
LP_CloudTrail Network Access Control List Changes
-
LP_CloudTrail Network Gateway Changes
-
LP_AWSCloudTrail Security Group Configuration Changes
-
LP_CloudTrail IAM Policy Changes
-
LP_AWS Cloudtrail Reconnaissance - Gathering of Host Information Detected
-
LP_AWS Cloudtrail Reconnaissance - Gathering of Network Information Detected
-
LP_AWS Cloudtrail Reconnaissance - Gathering of User Information Detected
-
LP_AWS Cloudtrail - Creation of IAM User Detected
-
Enhancement
| Description | Issue ID | Reference ID |
|---|---|---|
|
You can now configure CloudTrail from Log Sources, which provides a centralized user interface for all the configurations of log collection. Compatibility is available with Director v2.6.0, currently available as Priority Access. Contact Support for its access. |
PLUG-11796 | - |
Past Releases
Cloud Trail v6.0.0
Enhancement
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
|
Cloud Trail is now compatible with Logpoint v7.4.2 and later. |
PLUG-10592 |
- |
Cloud Trail v5.2.1
Enhancements
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
|
In the CloudTrailCompiledNormalizer:
|
KB-20538, KB-17560, KB-20441, KB-20674, KB-20346, KB-17696 |
- |
Bug Fix
|
Description
|
Issue ID
|
Reference ID
|
|---|---|---|
|
CloudTrailCompiledNormalizer dropped account_id fields for all Failed Login events and for some Successful Login events. |
KB-19073 |
- |
Cloud Trail v5.2.0
Release Date: September 30, 2022
Supported On: Logpoint v6.7.0 and later
Download: Cloud_Trail_5.2.0.pak
SHA256: eda3a10567fe09bfbf8399123a3e74bc9bbad5aedc807f3ddbbcdcf24f84613d
Bug Fix
The following issue has been fixed:
|
Description |
Issue ID |
Reference ID |
|---|---|---|
|
The batch processor extracted compressed log files from Cloud Trail and loaded them in memory resulting in high CPU usage and long processing time. |
PLUG-9108 |
Cloud Trail v5.1.0
Enhancements
|
Description |
Issue ID |
Reference ID |
|---|---|---|
|
Cloud Trail now supports the EU West 3 (Paris) AWS region. |
PLUG-6150 |
43867, 66491 |
| You can now specify the Base Path of the directory from where logs are fetched. | PLUG-8453 | 62868 |
|
Cloud Trail now supports the configuration of proxy servers. |
PLUG-8404 | 62181 |
Support
If you have any queries or require assistance, create a support ticket.
Comments
Article is closed for comments.