
AWS: CloudTrail

Integrating with AWS CloudTrail

Before configuring AWS CloudTrail, we recommend reviewing Getting started with Blumira’s AWS security monitoring.

CloudTrail Configuration

  1. In the AWS console, navigate to the CloudTrail service. If this is the first time you have configured CloudTrail, select Create a trail from the welcome screen. If you have already used CloudTrail in your environment, skip to step 3.
  2. From the “Quick Trail” configuration screen, select Create full trail.
  3. Open CloudTrail from the AWS console and select Create trail.
  4. Enter the CloudWatch Logs configuration to send CloudTrail logs to CloudWatch, and allow the service to create a service role that grants CloudTrail permission to put log data into the CloudWatch log group. Then click Next.
  5. Select which types of CloudTrail events to log (Blumira recommends Management events, Insights events, and Data events for S3, Lambda, and DynamoDB).
  6. Click Create trail.

S3 Housekeeping Lifecycle Policy

  1. In the AWS console, go to S3 and select the S3 bucket created for CloudTrail logging. Select the Management tab and click Create lifecycle rule.
  2. Enter a name for the lifecycle rule and, under Choose a rule scope, select the radio button to apply the rule to all objects in the bucket.
  3. Set the lifecycle rule to expire current versions of objects and permanently delete any previous versions of objects after 1 day, then click Create rule.
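The two procedures above (trail with CloudWatch Logs delivery, Management, Insights and Data events; bucket-wide 1-day lifecycle rule) can be verified after the fact from the JSON that the AWS CLI returns. The following checker is an added example, not Blumira's code; it assumes the standard `describe-trails`, `get-trail-status`, `get-event-selectors` and `get-bucket-lifecycle-configuration` output shapes, and the sample inputs are constructed.

```python
"""Audit CloudTrail and S3 lifecycle settings against the steps above, using the JSON
shapes returned by the AWS CLI (describe-trails, get-trail-status, get-event-selectors,
s3api get-bucket-lifecycle-configuration). No AWS call is made; inputs are constructed."""

# Data event resource types recommended above (S3, Lambda, DynamoDB).
WANTED_DATA_TYPES = {"AWS::S3::Object", "AWS::Lambda::Function", "AWS::DynamoDB::Table"}

def audit_trail(trail: dict, status: dict, selectors: dict) -> list[str]:
    """Return findings for one trail; an empty list means it matches the guide."""
    findings = []
    if not status.get("IsLogging"):
        findings.append("trail is not logging")
    if not (trail.get("CloudWatchLogsLogGroupArn") and trail.get("CloudWatchLogsRoleArn")):
        findings.append("no CloudWatch Logs delivery configured")
    if not trail.get("HasInsightSelectors"):
        findings.append("Insights events not enabled")
    event_selectors = selectors.get("EventSelectors", [])
    if not any(s.get("IncludeManagementEvents") and s.get("ReadWriteType", "All") == "All"
               for s in event_selectors):
        findings.append("management events (read and write) not fully logged")
    seen = {r["Type"] for s in event_selectors for r in s.get("DataResources", [])}
    for missing in sorted(WANTED_DATA_TYPES - seen):
        findings.append(f"data events not logged for {missing}")
    return findings

def audit_lifecycle(lifecycle: dict) -> list[str]:
    """Require an enabled bucket-wide rule expiring current objects and deleting
    previous versions after 1 day (the bucket is a staging area, not an archive)."""
    for rule in lifecycle.get("Rules", []):
        prefix = rule.get("Filter", {}).get("Prefix", rule.get("Prefix", ""))
        if rule.get("Status") != "Enabled" or prefix:
            continue  # disabled, or scoped to a prefix instead of the whole bucket
        current = rule.get("Expiration", {}).get("Days")
        previous = rule.get("NoncurrentVersionExpiration", {}).get("NoncurrentDays")
        if current == 1 and previous == 1:
            return []
    return ["no enabled bucket-wide rule expiring current and previous versions after 1 day"]

# Constructed sample: the trail lacks CloudWatch Logs delivery and DynamoDB data events.
SAMPLE_TRAIL = {"Name": "example-trail", "S3BucketName": "example-bucket", "HasInsightSelectors": True}
SAMPLE_STATUS = {"IsLogging": True}
SAMPLE_SELECTORS = {"EventSelectors": [{"ReadWriteType": "All", "IncludeManagementEvents": True,
    "DataResources": [{"Type": "AWS::S3::Object", "Values": ["arn:aws:s3"]},
                      {"Type": "AWS::Lambda::Function", "Values": ["arn:aws:lambda"]}]}]}
SAMPLE_LIFECYCLE = {"Rules": [{"ID": "expire-cloudtrail", "Status": "Enabled", "Filter": {"Prefix": ""},
    "Expiration": {"Days": 1}, "NoncurrentVersionExpiration": {"NoncurrentDays": 1}}]}

if __name__ == "__main__":
    for finding in audit_trail(SAMPLE_TRAIL, SAMPLE_STATUS, SAMPLE_SELECTORS) + audit_lifecycle(SAMPLE_LIFECYCLE):
        print("FINDING:", finding)
```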

Now that you’ve configured AWS: CloudTrail for Blumira, continue to the next step in configuring AWS for Blumira: configure AWS: CloudWatch.