Sumo Logic

AWS CloudTrail

Amazon Web Services (AWS) CloudTrail records the API calls made in your AWS account. The Sumo Logic App for CloudTrail ingests these logs and gives you visibility into those events, which in turn supports security and operations forensics. For example, you can use the Sumo Logic App for CloudTrail to analyze raw CloudTrail data to investigate user behavior patterns. Or, by correlating CloudTrail data with other data sets, you can get a broader understanding of events from operating systems, intrusion detection systems, or even application logs.

The Sumo Logic App for AWS CloudTrail has four Dashboards that track user and administrator activity, including the User Monitoring Dashboard, the Network and Security Dashboard, the Operations Dashboard, and the Console Logins Dashboard.
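The kind of analysis the dashboards above perform (who is calling which APIs, which console logins fail, which calls are denied) can be reproduced directly on the raw CloudTrail delivery files. The following is an added example written for this page, not code from the Sumo Logic App or from AWS; it parses the `{"Records": [...]}` layout that CloudTrail writes to S3 and summarizes activity per actor. The records and the `198.51.100.x` addresses are constructed sample data, and the login-failure threshold is an arbitrary value chosen for the demonstration.

```python
import json
from collections import Counter

# Constructed sample CloudTrail delivery file (the {"Records": [...]} layout
# CloudTrail writes to S3). None of these events come from a real account;
# 123456789012 is the AWS documentation example account ID.
SAMPLE_CLOUDTRAIL_JSON = json.dumps({
    "Records": [
        {"eventTime": "2024-01-10T08:00:01Z", "eventSource": "signin.amazonaws.com",
         "eventName": "ConsoleLogin",
         "userIdentity": {"type": "IAMUser", "userName": "alice"},
         "sourceIPAddress": "198.51.100.7",
         "responseElements": {"ConsoleLogin": "Failure"}},
        {"eventTime": "2024-01-10T08:00:09Z", "eventSource": "signin.amazonaws.com",
         "eventName": "ConsoleLogin",
         "userIdentity": {"type": "IAMUser", "userName": "alice"},
         "sourceIPAddress": "198.51.100.7",
         "responseElements": {"ConsoleLogin": "Failure"}},
        {"eventTime": "2024-01-10T08:00:30Z", "eventSource": "signin.amazonaws.com",
         "eventName": "ConsoleLogin",
         "userIdentity": {"type": "IAMUser", "userName": "alice"},
         "sourceIPAddress": "198.51.100.7",
         "responseElements": {"ConsoleLogin": "Success"}},
        {"eventTime": "2024-01-10T08:05:00Z", "eventSource": "ec2.amazonaws.com",
         "eventName": "RunInstances",
         "userIdentity": {"type": "IAMUser", "userName": "bob"},
         "sourceIPAddress": "198.51.100.22"},
        {"eventTime": "2024-01-10T08:06:00Z", "eventSource": "iam.amazonaws.com",
         "eventName": "CreateUser", "errorCode": "AccessDenied",
         "userIdentity": {"type": "IAMUser", "userName": "bob"},
         "sourceIPAddress": "198.51.100.22"},
        {"eventTime": "2024-01-10T08:07:00Z", "eventSource": "s3.amazonaws.com",
         "eventName": "GetObject",
         "userIdentity": {"type": "IAMUser", "userName": "bob"},
         "sourceIPAddress": "198.51.100.22"},
        {"eventTime": "2024-01-10T08:10:00Z", "eventSource": "ec2.amazonaws.com",
         "eventName": "DescribeInstances",
         "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
         "sourceIPAddress": "198.51.100.40"},
    ]
})


def parse_records(raw_json):
    """Return the list of event records from one CloudTrail delivery file."""
    return json.loads(raw_json)["Records"]


def actor(record):
    """Identify who performed the call.

    IAM users carry userName; the root user and assumed roles do not, so fall
    back to the ARN and finally to the identity type.
    """
    identity = record.get("userIdentity", {})
    return identity.get("userName") or identity.get("arn") or identity.get("type", "unknown")


def console_login_failures(records):
    """Count failed console logins per (actor, source IP)."""
    counts = Counter()
    for r in records:
        if r.get("eventName") != "ConsoleLogin":
            continue
        if r.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            counts[(actor(r), r.get("sourceIPAddress"))] += 1
    return counts


def repeated_login_failures(records, threshold):
    """Return (actor, ip, count) for login failures at or above the threshold."""
    return [(user, ip, n) for (user, ip), n in console_login_failures(records).items()
            if n >= threshold]


def api_calls_per_actor(records):
    """Count API calls per actor, excluding console sign-in events."""
    return Counter(actor(r) for r in records if r.get("eventName") != "ConsoleLogin")


def denied_calls(records):
    """Count calls that returned an error, keyed by (actor, errorCode)."""
    return Counter((actor(r), r["errorCode"]) for r in records if "errorCode" in r)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_CLOUDTRAIL_JSON)
    print("API calls per actor:", dict(api_calls_per_actor(recs)))
    print("Denied calls:", dict(denied_calls(recs)))
    print("Repeated login failures:", repeated_login_failures(recs, threshold=2))
```

The same three questions map onto the User Monitoring, Operations and Console Logins dashboards; running this over a sample of your own delivery files is a quick way to confirm that the events you expect to see (root activity, `AccessDenied` errors, failed console logins) are actually present in the bucket before you rely on the app to surface them.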

Before you begin

Before you can begin to use the Sumo Logic App for CloudTrail, you’ll need to make sure that you’ve configured CloudTrail in your AWS account. Additionally, confirm that logs are being delivered to the S3 Bucket you’ll use to send the logs to Sumo Logic. For more information, and instructions, see Collect logs for the AWS CloudTrail App.

Using the App for CloudTrail in multiple environments

If you have more than one environment that generates CloudTrail data (such as ops, dev, and so on), you’ll need to configure a separate S3 Source for each environment. You can learn more here.