AWS CloudTrail offers auditing and transaction logging services, promising to simplify what can often be complex compliance and security analysis, while also increasing visibility and incident response capabilities.

Excerpt from ISC2…

What is CloudTrail, and Why Does it Matter?

AWS CloudTrail is an AWS service that helps you audit your AWS account, providing complete visibility into the governance, compliance, and risks of your AWS account. Logging is an integral component of any cybersecurity program.

All actions taken by a user, role, or an AWS service are logged and recorded as events in CloudTrail. AWS outlines six best practices for security in the cloud; one of the six is detection. CloudTrail is the recommended service to implement detective controls to identify a potential security threat or incident. If you are hosted on AWS, CloudTrail should be a core component of your governance program and can be used to support a quality control process, a legal or compliance obligation, and for threat identification and response efforts.

AJ Yawn, CISSP via ISC2 Blog

Read the rest of the article, including configuration tips, at ISC2…