Questions tagged with AWS CloudTrail
Content language: English
Select up to 5 tags to filter
Sort by most recent
Browse through the questions and answers listed below or filter and sort to narrow down your results.
I have a log group and the Timestamp of the log shows today's date, but when I look at the eventTime field in the object described in the log I can see it was actually a few months ago, any one know...
0
answers
0
votes
252
views
asked 4 months agolg...
Hi All, I have created a cloudtrail log to read any s3 dataevent. I see in s3 location, logs have started building. But when I try to query this data in S3 , it's failing with error ...
0
answers
0
votes
84
views
asked 4 months agolg...
Hello,
I have been receiving a high cost from GuardDuty every day for some time, when I analyzed it further I saw that this cost is related to the analysis of CloudTrail events by GuardDuty, and I...
2
answers
0
votes
208
views
asked 4 months agolg...
AWS Cloudtrails logslg...
Hi,
I have CloudTrail enabled on our AWS system, and I only enabled the Management event. Is there a way to not log events on Data Lifecycle Manager since it’s giving a bulk data event?
1
answers
0
votes
125
views
asked 4 months agolg...
We have an alarm setup for CloudTrailAuthorizationFailures which is one of the metric filters in the CloudTrail/DefaultLogGroup. We have a retention on this log group for 12 months however when...
1
answers
0
votes
313
views
asked 5 months agolg...
Hi,
Suddenly events stopped to sending logs to SIEM. All testing is passed in SIEM tool end, but logs are not receiving.
Thanks.
0
answers
0
votes
51
views
asked 5 months agolg...
I currently have multiple AWS accounts under a single OU. I want to launch Control Tower in a NEW management account, and then register the existing OU to the Control Tower. What will happen to...
1
answers
0
votes
166
views
asked 5 months agolg...
My organization is ingesting its CloudTrail logs into a Sentinel workspace. I recently updated our current LogTrail by adding S3 in the data events but when I performed some specific operations to...
1
answers
0
votes
208
views
asked 5 months agolg...
Why is the userIdentity.sessionContext field missing from AwsConsoleAction entries in CloudTrail?lg...
We are processing CloudTrail logs to check and highlight actions not protected by MFA.
When someone signs in as Root all the events with `eventType` `AwsApiCall` have `sessionContext` populated. For...
0
answers
0
votes
59
views
asked 5 months agolg...
Hello guy need help
i am getting unauthorized API call is made alarm. i dont know what is the root cause.
how to find this in cloudtrail?
1
answers
1
votes
439
views
asked 5 months agolg...
Hello Team.
I have implemented Control Tower, so I have management, audit, log archive and additional member accounts.
This setup has activated in every account some services suchs as:
AWS Config,...
0
answers
0
votes
94
views
asked 6 months agolg...
I would like to monitor the volume of data sent externally from my AWS account.
I'm looking for to retrieve logs that allow me to have the volume of data sent externally in real time.
Who can help me...
1
answers
0
votes
336
views
asked 6 months agolg...