Amazon Web Services (AWS) CloudTrail records API calls made to AWS. The Sumo Logic App for CloudTrail ingests these logs, giving greater visibility into events and supporting security and operations forensics. For example, you can use the Sumo Logic App for CloudTrail to analyze raw CloudTrail data to investigate user behavior patterns. Or, by correlating CloudTrail data with other datasets, you can get a broader understanding of events from operating systems, intrusion detection systems, or even application logs.
Before you begin
Before you can begin to use the Sumo Logic App for CloudTrail, you’ll need to make sure that you’ve configured CloudTrail in your AWS account. Additionally, confirm that logs are being delivered to the S3 bucket you’ll use to send the logs to Sumo Logic. For more information and instructions, see Collect logs for the AWS CloudTrail App.
Using the App for CloudTrail in multiple environments
If you have more than one environment that generates CloudTrail data (such as ops, dev, and so on), you’ll need to configure a separate S3 Source for each environment.
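The kind of user-behavior analysis described in the introduction, applied to a log file in the format CloudTrail delivers to the S3 bucket mentioned above (a gzip-compressed JSON document with a "Records" array). This is an added example, not code from Sumo Logic or the app; the records, names, IPs and timestamps are constructed, and the per-principal summary is one illustrative choice of what to extract.

```python
import gzip
import io
import json
from collections import Counter, defaultdict

# Constructed sample in the format CloudTrail delivers to S3: a JSON document with
# a "Records" array, gzip-compressed. Names, IPs and timestamps are made up.
SAMPLE_RECORDS = {"Records": [
    {"eventTime": "2024-01-15T10:00:01Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-15T10:05:44Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-01-15T11:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied", "userIdentity": {"type": "AssumedRole",
     "sessionContext": {"sessionIssuer": {"userName": "deploy-role"}}}},
]}

def gzip_bytes(doc: dict) -> bytes:
    """Serialise and gzip a Records document the way CloudTrail delivers it to S3."""
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as gz:
        gz.write(json.dumps(doc).encode())
    return buf.getvalue()

def principal(record: dict) -> str:
    """Name the acting principal; for assumed-role sessions fall back to the issuing role."""
    ident = record.get("userIdentity", {})
    if "userName" in ident:
        return f"{ident['type']}/{ident['userName']}"
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return f"{ident.get('type', 'Unknown')}/{issuer.get('userName', 'unknown')}"

def summarise(blob: bytes) -> dict:
    """Per principal: event counts, distinct source IPs and regions, and failed calls."""
    records = json.loads(gzip.decompress(blob))["Records"]
    out = defaultdict(lambda: {"events": Counter(), "ips": set(), "regions": set(), "denied": 0})
    for r in records:
        p = out[principal(r)]
        p["events"][f"{r['eventSource']}:{r['eventName']}"] += 1
        p["ips"].add(r["sourceIPAddress"])
        p["regions"].add(r["awsRegion"])
        if "errorCode" in r:  # CloudTrail sets errorCode only when the call failed
            p["denied"] += 1
    return dict(out)

if __name__ == "__main__":
    print(json.dumps(summarise(gzip_bytes(SAMPLE_RECORDS)), default=sorted, indent=2))
```

The same summary over real delivered objects only needs the S3 object bytes passed to summarise in place of gzip_bytes(SAMPLE_RECORDS).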