AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors, and retains account activity related to actions across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
What can Zenduty do for CloudTrail users?
With CloudTrail’s Integration, Zenduty sends new CloudTrail alerts to the right team and notifies them based on on-call schedules via email, text messages(SMS), phone calls(Voice), Slack, Microsoft Teams and iOS & Android push notifications, and escalates alerts until the alert is acknowledged or closed. Zenduty provides your NOC, SRE and application engineers with detailed context around the CloudTrail alert along with playbooks and a complete incident command framework to triage, remediate and resolve incidents with speed.
You can also use Alert Rules to custom route specific CloudTrail alerts to specific users, teams or escalation policies, write suppression rules, auto add notes, responders and incident tasks.
To integrate AWS CloudTrail with Zenduty, complete the following steps:
- To add a new AWS CloudTrail integration, go to Teams on Zenduty and click on the team you want to add the integration to.
- Next, go to Services and click on the relevant Service.
- Go to Integrations and then Add New Integration. Give it a name and select the application AWS CloudTrail from the dropdown menu.
- Go to Configure under your integrations and copy the Webhook URL generated.
Login to your AWS account. Go to your SNS dashboard. On the left panel, click on Topics. Click on Create topic. For topic and display names, enter Zenduty.
- Go back to the SNS dashboard and click on Create Subscription.
- In the Topic ARN, choose the topic created in Step 1. Select the protocol as HTTPS. In the endpoint field, paste the Webhook URL you copied earlier.
- Keep the Enable raw message delivery as unchecked.
- Click on Create subscription to find a list of your subscriptions. Refresh this page to confirm.
Go to the AWS EventBridge dashboard. On the left panel, click on Rules. Click on Create rule. For name enter Zenduty and description as per your preference.
In the Build event pattern step, choose AWS events or EventBridge partner events as Event source. In the Event pattern select AWS services as Event source and then select an AWS service. Set AWS API Call via CloudTrail or AWS Insight via CloudTrail in Event type.
You can choose and enter a few specific operation(s) for which you would like notifications for. We highly recommend that you provide specific operation(s) for 'AWS API Call via CloudTrail' Event type to avoid noise.
In Select targets, choose AWS service as target types, choose SNS topic target from the target menu and select the topic that you had created in earlier steps.
- Zenduty will create an incident for each finding and auto-resolve the incident when CloudTrail sends the resolved notification.
Respond to AWS CloudTrail Integration alerts faster
Looking for a better way to get real-time alerts from AWS CloudTrail Integration, setup a solid incident escalation and incident response pipeline and minimize response and resolution times for AWS CloudTrail Integration incidents?