ThreatGPS™ for AWS CloudTrail

For your AWS workloads running in the cloud, CloudTrail records AWS API calls for your account to provide you with visibility. However, too many logs and events get generated every day for manual inspection. Most likely you do not have the deep alerting you would need to put your mind at ease that there is no unexpected or malicious activity in your account.

LogicHub’s ThreatGPS™ for AWS CloudTrail provides out-of-the-box threat detection for all your CloudTrail logs. It continuously monitors your feed of CloudTrail events to detect any unusual behavior or pattern, and provides you with a high-quality feed of alerts.

Key Capabilities

With LogicHub’s powerful Threat Ranking engine, you can make sure that the alerts you are getting are free of noise and false positives, while ensuring that suspicious activity does not get lost without a notification.

Rapid deployment with pre-built logic and guided expertise

360-degree automated review of CloudTrail events, with 100% coverage of all event types

Automatically generates high-quality alerts with very low false positive rates by

  • Automatically parsing all CloudTrail events
  • Building baselines around source IPs, accounts, users
  • Easily incorporating business context and user feedback

Easy to adapt and train to your custom environment

Automation integrations with ticketing systems such as Jira, and with Active Directory for user roles.

Request a Demo