ThreatGPS™ for AWS CloudTrail
For your AWS workloads running in the cloud, CloudTrail records the AWS API calls made in your account to give you visibility. However, far too many logs and events are generated every day to inspect manually. Most likely you do not have the deep alerting you would need to be confident that there is no unexpected or malicious activity in your account.
LogicHub’s ThreatGPS™ for AWS CloudTrail provides out-of-the-box threat detection for all your CloudTrail logs. It continuously monitors your feed of CloudTrail events to detect unusual behavior or patterns, and provides you with a high-quality feed of alerts.
Rapid deployment with pre-built logic and guided expertise
360-degree automated review of CloudTrail events, with 100% coverage of all event types
Automatically generates high-quality alerts with very low false positive rates by:
- Automatically parsing all CloudTrail events
- Building baselines around source IPs, accounts, users
- Easily incorporating business context and user feedback
Easy to adapt and train to your custom environment
Automation integrations with ticketing systems such as Jira, and with Active Directory for user roles