Published: October 2016
Alert Logic® Log Review™ now supports Amazon Web Services (AWS) CloudTrail. The Log Review service, which reviews curated log searches around specific events and platforms daily, now includes CloudTrail logs in its daily review process.
Log Review has historically reviewed 21 pre-defined reports that focus specifically on PCI compliance and security-related activities, including Unix/Windows failed logins, user and group modification, and policy changes.
The initial 21 events and activities that are analyzed through Log Review fall within these categories:
- Microsoft Active Directory
- Windows server
- Oracle and SQL databases
- Network devices
To extend the Log Review service into customers' AWS environments, an additional category, comprising 12 reports specific to AWS CloudTrail, is now included alongside the original 21 pre-defined reports.
The 12 additional AWS CloudTrail-specific events and activities that are now analyzed through Log Review fall within the AWS CloudTrail category. The additional events and activities include:
- S3 Bucket Activity
- Security Group Configuration Changes
- Network Access Control List Changes
- Network Gateway Changes
- Virtual Private Cloud Changes
- EC2 Large Instance Changes
- CloudTrail Changes
- IAM Policy Changes
- Console Login Without Multi-Factor Authentication
- AWS User Account Modified
- AWS User Group Modified
NOTE: This software update does not change the Log Review service. Rather, it extends the original Log Review service into AWS environments.
A full and detailed list of the reports that Log Review automatically analyzes is available here: What Alert Logic Reviews with Log Review | Feature Education
A matrix detailing how Log Review meets some of the most prevalent security compliance standards is available here: Log Review Compliance Coverage | Feature Education