
AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.

What can Zenduty do for CloudTrail users?

With the CloudTrail integration, Zenduty sends new CloudTrail alerts to the right team and notifies them based on on-call schedules via email, text messages (SMS), phone calls (voice), Slack, Microsoft Teams, and iOS and Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the CloudTrail alert, along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.

You can also use Alert Rules to route specific CloudTrail alerts to specific users, teams or escalation policies, write suppression rules, and automatically add notes, responders and incident tasks.

To integrate AWS CloudTrail with Zenduty, complete the following steps:

In Zenduty:

  1. To add a new AWS CloudTrail integration, go to ‘Teams’ on Zenduty and click on the ‘Manage’ button corresponding to the team you want to add the integration to.
  2. Next, go to ‘Services’ and click on the ‘Manage’ button corresponding to the relevant Service.
  3. Go to ‘Integrations’ and then ‘Add New Integration’. Give it a name and select the application ‘AWS CloudTrail’ from the dropdown menu.
  4. Go to ‘Configure’ under your integrations and copy the Webhook URL generated.

In AWS:

  1. Log in to your AWS account. Go to your SNS dashboard. On the left panel, click on ‘Topics’. Click on ‘Create topic’. For topic and display names, enter ‘Zenduty’.

  2. Go back to the SNS dashboard and click on ‘Create Subscription’.
  3. In the Topic ARN, choose the topic created in Step 1. Select the protocol as HTTPS. In the endpoint field, paste the Webhook URL you copied earlier.
    • Leave ‘Enable raw message delivery’ unchecked.

  4. Click on ‘Create subscription’ to find a list of your subscriptions. Refresh this page to confirm.
  5. Go to the AWS EventBridge dashboard. On the left panel, click on ‘Rules’. Click on ‘Create rule’. For name enter ‘Zenduty’ and description as per your preference.

  6. In the Build event pattern step, choose ‘AWS events or EventBridge partner events’ as Event source. In the Event pattern select ‘AWS services’ as Event source and then select an AWS service. Set ‘AWS API Call via CloudTrail’ or ‘AWS Insight via CloudTrail’ in Event type.

    You can enter the specific operation(s) for which you would like notifications. We highly recommend that you provide specific operation(s) for the 'AWS API Call via CloudTrail' Event type to avoid noise.

  7. In Select targets, choose ‘AWS service’ as target types, choose ‘SNS’ topic target from the target menu and select the topic that you had created in earlier steps.

  8. Zenduty will create an incident for each finding and auto-resolve the incident when CloudTrail sends the resolved notification.
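
The effect of naming specific operations in step 6, as an added example (not Zenduty's or AWS's own code). The three watched operations are an assumed choice, the sample events are constructed, and `matches` implements only the exact-value subset of EventBridge pattern matching:

```python
import json

# Assumed choice: operations that change or disable CloudTrail logging itself.
WATCHED_OPERATIONS = ["StopLogging", "DeleteTrail", "UpdateTrail"]

def build_event_pattern(operations=None):
    """EventBridge pattern for CloudTrail-recorded calls to the CloudTrail API.
    With operations=None every recorded call to the service matches (noisy)."""
    detail = {"eventSource": ["cloudtrail.amazonaws.com"]}
    if operations is not None:
        detail["eventName"] = list(operations)
    return {
        "source": ["aws.cloudtrail"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": detail,
    }

def matches(pattern, event):
    """Exact-value matching only: each pattern field must be present in the
    event, and the event's value must be one of the listed values."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def forwarded_operations(pattern, events):
    """Names of the operations that would reach the SNS topic, in order."""
    return [e["detail"]["eventName"] for e in events if matches(pattern, e)]

def _event(source, event_source, name):
    return {"source": source, "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventSource": event_source, "eventName": name}}

# Constructed sample events, reduced to the fields the pattern inspects.
SAMPLE_EVENTS = [
    _event("aws.cloudtrail", "cloudtrail.amazonaws.com", "StopLogging"),
    _event("aws.cloudtrail", "cloudtrail.amazonaws.com", "DescribeTrails"),
    _event("aws.s3", "s3.amazonaws.com", "PutBucketPolicy"),
    _event("aws.cloudtrail", "cloudtrail.amazonaws.com", "DeleteTrail"),
]

if __name__ == "__main__":
    print(json.dumps(build_event_pattern(WATCHED_OPERATIONS), indent=2))
    print(forwarded_operations(build_event_pattern(WATCHED_OPERATIONS), SAMPLE_EVENTS))
```

The printed JSON has the shape of a custom event pattern for the rule created in step 5; without the `eventName` list, read-only calls such as `DescribeTrails` would also be forwarded.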

Respond to AWS CloudTrail Integration alerts faster

Looking for a better way to get real-time alerts from AWS CloudTrail Integration, set up a solid incident escalation and incident response pipeline, and minimize response and resolution times for AWS CloudTrail Integration incidents?

Signup for a free trial


Copyright Zenduty 2020. Product of YellowAnt