AWS CloudTrail Log Detections
Monitor AWS CloudTrail logs for signs of compromise, unauthorized access, or abnormal API usage patterns.
About this report
Detect suspicious activity patterns across your AWS accounts by analyzing CloudTrail logs for security anomalies. Security teams can quickly spot potential account compromises, unauthorized access attempts, and risky administrative actions before they result in breaches.
Key questions
- Is someone attempting to breach my AWS environment?
- How can I detect unauthorized access to my AWS accounts?
- Who's making changes to IAM policies in my AWS organization?
- Is my root account being used inappropriately?
Visualizations in the report
Total AWS API Calls Logged
Shows overall API activity volume for your AWS organization. Establishes a baseline to help identify unusual spikes that might indicate automated attacks or compromised credentials.
API Requests by Region
Visualizes API call distribution across AWS geographic regions. Quickly detect activity in regions you do not normally use, which often indicates compromise.
Failed vs. Successful Login Attempts
Tracks authentication failures across your environment. Helps identify potential brute-force attacks and credential stuffing attempts targeting your accounts.
IAM Policy Changes
Monitors modifications to permission policies and access controls. Catch unauthorized privilege escalations or attempts to weaken security policies early.
Newly Created IAM Users
Shows when new identities appear in your AWS accounts. Verify these additions were authorized and not created by attackers establishing persistence.
Root Account Usage
Alerts on any use of the highly privileged root account. Since root should rarely be accessed in a secure environment, this visualization quickly highlights concerning behavior.
Top IAM Users by Activity
Lists the most active identities in your environment by API call volume. Spot potentially compromised accounts through unusual activity patterns or volume changes.
Top 5 Most Invoked APIs
Ranks the most frequently used AWS service calls. Helps security teams understand normal operational patterns and spot anomalous API usage.
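The checks behind the root usage, region, IAM and login visualizations can be expressed directly against CloudTrail records. The following is an added example, not CloudQuery's own code: it uses CloudTrail's standard record fields, while the region baseline, the finding labels, the helper names and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: the regions this organization normally operates in.
EXPECTED_REGIONS = {"us-east-1", "eu-west-1"}
# Real IAM API names that alter permissions; not an exhaustive list.
IAM_POLICY_EVENTS = {"PutUserPolicy", "PutRolePolicy", "AttachUserPolicy",
                     "AttachRolePolicy", "CreatePolicyVersion"}

def rec(name, source, region, id_type, **extra):
    """Build one constructed record using CloudTrail's field names."""
    return {"eventName": name, "eventSource": source, "awsRegion": region,
            "eventType": "AwsApiCall", "userIdentity": {"type": id_type}, **extra}

SIGNIN = {"eventType": "AwsConsoleSignIn"}
# Constructed sample data, not real log output.
SAMPLE = [
    rec("DescribeInstances", "ec2.amazonaws.com", "us-east-1", "IAMUser"),
    rec("ConsoleLogin", "signin.amazonaws.com", "us-east-1", "Root",
        responseElements={"ConsoleLogin": "Success"}, **SIGNIN),
    rec("ConsoleLogin", "signin.amazonaws.com", "us-east-1", "IAMUser",
        responseElements={"ConsoleLogin": "Failure"}, **SIGNIN),
    rec("CreateUser", "iam.amazonaws.com", "us-east-1", "IAMUser"),
    rec("AttachUserPolicy", "iam.amazonaws.com", "us-east-1", "IAMUser"),
    rec("PutRolePolicy", "iam.amazonaws.com", "us-east-1", "IAMUser",
        errorCode="AccessDenied"),
    rec("RunInstances", "ec2.amazonaws.com", "ap-southeast-2", "IAMUser"),
]

def classify(r):
    """Return the finding labels that apply to one CloudTrail record."""
    out, ident, name = [], r.get("userIdentity", {}), r.get("eventName")
    # Root usage, excluding calls AWS services make on the account's behalf.
    if (ident.get("type") == "Root" and "invokedBy" not in ident
            and r.get("eventType") != "AwsServiceEvent"):
        out.append("root_usage")
    if r.get("awsRegion") not in EXPECTED_REGIONS:
        out.append("unexpected_region")
    if r.get("eventSource") == "iam.amazonaws.com":
        kind = ("new_iam_user" if name == "CreateUser" else
                "iam_policy_change" if name in IAM_POLICY_EVENTS else None)
        if kind:  # a rejected write is an attempt, not a change
            out.append("iam_change_failed" if r.get("errorCode") else kind)
    login = (r.get("responseElements") or {}).get("ConsoleLogin")
    if name == "ConsoleLogin" and login == "Failure":
        out.append("failed_login")
    return out

def summarize(records):
    """Count findings across records, one counter per detection."""
    return dict(Counter(f for r in records for f in classify(r)))
```

Keeping rejected IAM writes under their own label separates attempted privilege changes from ones that actually took effect, which the two cases usually need different responses for.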
