Logo
Sign in
  1. Logpoint Service Desk
  2. Products Hub
  3. Marketplace
default.png

Cloud Trail

Cloud Trail enables you to fetch and analyze AWS Cloud Trail logs from the Amazon S3 (Simple Storage Service) buckets. Buckets are Amazon S3’s storage units that you can create and access using your AWS account. Cloud Trial can fetch logs from either Amazon S3’s buckets or from a bucket of a third-party service that is using Amazon S3’s storage.

 

Release Details
Release date: 30th October, 2024
Version: 6.2.0
Supported On: Logpoint v7.4.0 and later
Documentation: 
CloudTrail for Logpoint
CloudTrail for Director Console UI
CloudTrail for Director Console API 
SHA 256: 9ded89cdbed986c46613e2821f5b78238e41277c58e582c58f6212c10baf40e0
Download

Package Detail

CloudTrail components:

  1. Fetcher
    • CloudTrailLogFetcher
  2. Compiled Normalizer
    • CloudTrailCompiledNormalizer
  3. Report Package
    • LP_CloudTrail
  4. Dashboard
    • LP_CloudTrail
  5. Parser
    • CloudTrailLogParser
  6. Alert Packages

    • LP_Console Sign In Without MFA

    • LP_Amazon EC2 Instance Changes

    • LP_CloudTrail Root Credentials Used

    • LP_CloudTrail Changes

    • LP_CloudTrail API Without MFA

    • LP_AWSCloudTrail Amazon S3 Bucket Activity

    • LP_Amazon Virtual Private Cloud Changes

    • LP_AWSCloudTrail Failed Login

    • LP_CloudTrail Authorization Failures=

    • LP_CloudTrail Network Access Control List Changes

    • LP_CloudTrail Network Gateway Changes

    • LP_AWSCloudTrail Security Group Configuration Changes

    • LP_CloudTrail IAM Policy Changes

    • LP_AWS Cloudtrail Reconnaissance - Gathering of Host Information Detected

    • LP_AWS Cloudtrail Reconnaissance - Gathering of Network Information Detected

    • LP_AWS Cloudtrail Reconnaissance - Gathering of User Information Detected

    • LP_AWS Cloudtrail - Creation of IAM User Detected

Enhancement

Description Issue ID Reference ID

You can now configure CloudTrail from Log Sources, which provides a centralized user interface for all the configurations of log collection.

Compatibility is available with Director v2.6.0, currently available as Priority Access. Contact Support for its access.

 PLUG-11796 -  

 

Past Releases

Cloud Trail v6.0.0

Version: 6.0.0
Release date: May 14, 2024
Supported On: Logpoint v6.7.0 and later
Documentation: Cloud Trial guide
SHA 256: 7c70b2f5e2255fa6e58abb872d1f7246e447c62b6579d0409be0db145d156ee6
Download: Cloud_Trail_6.0.0.pak

Enhancement

Description
Issue ID
Reference ID

Cloud Trail is now compatible with Logpoint v7.4.2 and later.

PLUG-10592

 -

 

Cloud Trail v5.2.1

Version: 5.2.1
Release date: May 17, 2023
Supported On: Logpoint v6.7.0 and later
Documentation: Cloud Trial guide
SHA 256: 2c328fa49f0b7555488ce1c339f993ef2766bf878c4027bb830e8d29a99d9a60

Download

Enhancements

Description
Issue ID
Reference ID

In the CloudTrailCompiledNormalizer:

  • Renamed the receiver_id field to account_id and the tlsDetails_clientProvidedHostHeader field to host. 
  • Users can now see whether a User Login event was successful or not through the addition of the new User label.  
  • Parsed the principal_id field with AROAYW72NODXECCZZCVNL:user@logpoint.com value of Cloud Trail logs to assign the user value user@logpoint.com in the upn field. 
  • Parsed the JSON field by three levels deep for faster performance.

KB-20538, KB-17560, KB-20441, KB-20674, KB-20346, KB-17696

 -

Bug Fix

Description
Issue ID
Reference ID

CloudTrailCompiledNormalizer dropped account_id fields for all Failed Login events and for some Successful Login events. 

KB-19073

 -

Cloud Trail v5.2.0

Release Date: September 30, 2022

Supported On: Logpoint v6.7.0 and later

Download: Cloud_Trail_5.2.0.pak

SHA256: eda3a10567fe09bfbf8399123a3e74bc9bbad5aedc807f3ddbbcdcf24f84613d

Bug Fix

The following issue has been fixed:

Description

Issue ID

Reference ID

The batch processor extracted compressed log files from Cloud Trail and loaded them in memory resulting in high CPU usage and long processing time.

 PLUG-9108   

Cloud Trail v5.1.0

 

Enhancements

Description

Issue ID

Reference ID

Cloud Trail now supports the EU West 3 (Paris) AWS region.

PLUG-6150

 43867, 66491
You can now specify the Base Path of the directory from where logs are fetched. PLUG-8453 62868

Cloud Trail now supports the configuration of proxy servers.

 PLUG-8404 62181

 

Support

If you have any queries or require assistance, create a support ticket.

Comments

Article is closed for comments.

Follow

Related articles

  • S3 Fetcher
  • AWSServices
  • Cloud Connector
  • Google Workspace/GSuite
  • GoogleCloudPlatform
Privacy policy    EULA    Terms of service   
Copyright © , Logpoint. All rights reserved.