Amazon Web Services (AWS) CloudTrail records API calls made to AWS. The Sumo Logic App for CloudTrail ingests these logs, providing greater visibility into events that, in turn, allows for security and operations forensics. For example, you can use the Sumo Logic App for CloudTrail to analyze raw CloudTrail data to investigate user behavior patterns. Or, by correlating CloudTrail data with other data sets, you can get a broader understanding of events from operating systems, intrusion detection systems, or even application logs.
The Sumo Logic App for AWS CloudTrail has four Dashboards that track user and administrator activity: the User Monitoring Dashboard, the Network and Security Dashboard, the Operations Dashboard, and the Console Logins Dashboard.
Before you begin
Before you can begin to use the Sumo Logic App for CloudTrail, you’ll need to make sure that you’ve configured CloudTrail in your AWS account. Additionally, confirm that logs are being delivered to the S3 Bucket you’ll use to send the logs to Sumo Logic. For more information and instructions, see Collect logs for the AWS CloudTrail App.
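The two prerequisites above (a trail exists and log files are actually reaching the S3 bucket) can be verified from the AWS side before any logs are sent to Sumo Logic. The script below is an added example, not part of this documentation or of Sumo Logic's tooling; it assumes boto3 with AWS credentials that can call `cloudtrail:DescribeTrails` and `cloudtrail:GetTrailStatus`, and the 30-minute delivery-lag threshold and the sample dictionaries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed threshold: CloudTrail normally delivers within ~15 minutes,
# so a gap well beyond that suggests delivery has stalled.
MAX_DELIVERY_LAG = timedelta(minutes=30)


def assess_trail(trail, status, now=None):
    """Return a list of problems for one trail (empty list = looks healthy).

    `trail` is one entry of describe_trails()["trailList"], `status` is the
    response of get_trail_status(); both use the real boto3 key names.
    """
    now = now or datetime.now(timezone.utc)
    problems = []
    if not trail.get("S3BucketName"):
        problems.append("no S3 bucket configured on the trail")
    if not trail.get("IsMultiRegionTrail"):
        problems.append("single-region trail: API calls in other regions are not recorded")
    if not trail.get("LogFileValidationEnabled"):
        problems.append("log file validation disabled (digest files not produced)")
    if not status.get("IsLogging"):
        problems.append("trail is not logging (StopLogging was called or it never started)")
    if status.get("LatestDeliveryError"):
        problems.append("last S3 delivery failed: " + status["LatestDeliveryError"])
    last = status.get("LatestDeliveryTime")
    if last is None:
        problems.append("no log file has ever been delivered to S3")
    elif now - last > MAX_DELIVERY_LAG:
        problems.append(f"last delivery was {now - last} ago")
    return problems


def check_account(region="us-east-1"):
    """Live check: assess every trail visible from the given region."""
    import boto3  # imported here so the pure checks above run without it
    ct = boto3.client("cloudtrail", region_name=region)
    results = {}
    for trail in ct.describe_trails()["trailList"]:
        status = ct.get_trail_status(Name=trail["TrailARN"])
        results[trail["Name"]] = assess_trail(trail, status)
    return results


# Constructed sample data (not from a real account) showing both outcomes.
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_TRAIL = {"Name": "example-trail", "S3BucketName": "example-cloudtrail-bucket",
                "IsMultiRegionTrail": True, "LogFileValidationEnabled": True}
SAMPLE_STATUS_OK = {"IsLogging": True, "LatestDeliveryTime": SAMPLE_NOW - timedelta(minutes=5)}
SAMPLE_STATUS_STALLED = {"IsLogging": False, "LatestDeliveryTime": SAMPLE_NOW - timedelta(hours=3),
                         "LatestDeliveryError": "AccessDenied"}

if __name__ == "__main__":
    for name, problems in check_account().items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Run it with credentials for the account that owns the trail; any non-empty problem list means the Sumo Logic source will see gaps or nothing at all until the trail is fixed.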