Continuously audit your AWS CloudTrail configurations and enforce security compliance as code with Panther.

CloudTrail collects information from security, audit, VPC flow logs, and even API calls to monitor and log account activity continuously. Use Panther to track real-time changes to your CloudTrail to ensure configurations meet your business requirements for security and compliance.

Enabling CloudTrail is critical for understanding the history of account changes and detecting suspicious activity. Use Panther’s built in policies for continuous monitoring of CloudTrail resources, or write your own detections in Python to fit your internal business use cases.

Use Cases

Panther enables the following use-cases with this data:

• Analyze and keep track of changes to infrastructure (e.g., ACL changes)

• Receive real-time alerts to suspicious activity

• Ingest all your CloudTrail data in one place and gain insights into your CloudTrails logging activity using S3

• Ensure the most secure configuration possible

How it Works

The integration is simple and fast:

• Connect your AWS account to Panther

• A baseline scan is performed to identify all existing CloudTrails in your account(s)

• Built-in detections identify security issues

• Alerts will be sent if non-compliant CloudTrails exist

Use Panther to search all CloudTrails in an account by name, view their compliance status, associated policies, and configured remediations.

CloudTrail Log Analysis

Panther can also collect, normalize, and analyze your CloudTrail logs to detect suspicious activity in real time. Learn more about using Panther to analyze your AWS logs for security insights.