From the course: AWS Administration: Security Operations
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Demo: CloudTrail - Amazon Web Services (AWS) Tutorial
From the course: AWS Administration: Security Operations
Demo: CloudTrail
- [Narrator] To view what CloudTrail has tracked as to what's happened in this AWS account, we have to open up CloudTrail. CloudTrail can be found under management and governance. Selecting CloudTrail, it should open and show us some events that it's tracked. Note that it's tracking the last 90 days. If we wanted these events to be permanent, we would have to create our own trial that points these records to an history bucket. On the left side, let's click event history and scroll down and look at some of the events I-E the activity that's been carried out in this account. Notice that the root user has been in doing some work. That's not good. Let's scroll down and take a look as to what the root account has been doing. The root account has created a VPcEndpoint, the root account has deleted a load balancer. Let's take a look at this entry, and we can actually see when it's happened. The source IP whether work was done.…
Contents
-
-
-
-
-
(Locked)
Understanding visibility and logging5m 41s
-
(Locked)
Monitor security with CloudTrail5m 5s
-
(Locked)
Demo: CloudTrail2m 52s
-
(Locked)
Challenge: Create a Custom Trail1m 1s
-
(Locked)
Solution: Create a Custom Trail2m 30s
-
(Locked)
CloudWatch5m 44s
-
(Locked)
CloudWatch Logs2m 14s
-
(Locked)
CloudWatch Events3m 47s
-
(Locked)
VPC Flow Logs3m 42s
-
(Locked)
Monitor activity with GuardDuty4m 57s
-
(Locked)
Manage security with ControlTower4m 41s
-
(Locked)
Lambda and Lambda functions3m 35s
-
(Locked)
Simple Notification Services3m 54s
-
(Locked)
Explore AWS Config3m 40s
-
(Locked)
Demo: Config2m 58s
-
(Locked)
-