Note: This article includes information for customers who subscribe to Alert Logic® Log Manager™. For more information on Amazon Web Services (AWS) CloudTrail collection for Alert Logic SIEMless Threat Management™, refer to our About AWS Cloud Trail and Alert Logic documentation.
To have Alert Logic® begin collecting Amazon Web Services (AWS) CloudTrail logs within the Alert Logic console, you must complete two stages.
The first stage is setting up AWS CloudTrail, which includes enabling CloudTrail, creating an SQS Queue, creating an IAM Policy, and creating an IAM role. For details on completing all of these actions, see our Log Manager for AWS CloudTrail documentation. The second stage is setting up the source in the Alert Logic console.
Note: You will need to enable a cross-account policy and role before setting up a CloudTrail log source. For details, see our Configure Alert Logic Cloud Defender AWS Cross-Account Role Access documentation.