Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  1. How It Works
  2. Integrations

AWS CloudTrail Lake

We have an available CloudTrail Lake integration that you can use for your deployment.

PreviousAWS Security HubNextAWS Transfer Family

Last updated 1 month ago

Ingest events from the Antivirus for Amazon S3 console into AWS CloudTrail Lake to enhance incident response, simplify audits, and streamline operational troubleshooting related to malware and sensitive data discovery.

With the newly launched PutAuditEvents API for AWS CloudTrail Lake, CSS has created a simple integration for you to capture user activity and events from the CSS console. In just a few steps, you can consolidate CSS activity logs together with AWS activity logs in CloudTrail Lake without having to build or manage the event data pipeline.

Getting Started

No matter which integration process you follow, once the event data store is created and CSS events are loaded into CloudTrail Lake, you will be able to search, query, and analyze a consolidated view of activity relating to security, audit, or operational incidents using CloudTrail Lake.

CSS uses the AWS PutAuditEvents API to send application activity from CSS to CloudTrail and we’ve streamlined integration setup in the CSS console. After you the CSS console, simply go to Configuration in the main menu, select Console Settings, and in the CloudTrail Lake Integration section, enable the integration and follow the prompts to connect CSS and CloudTrail Lake. By enabling the integration in CSS, everything is done for you, including creation of the .

Alternatively, you can set up the integration in AWS CloudTrail. Before you can ingest events into CloudTrail, you will need to in CloudTrail Lake to log events. Next, discover and enable the CSS integration by navigating to the CloudTrail console where you have a CloudTrail Lake event data store enabled. From there, you will be guided on how to stream events from the CSS console.

subscribe, deploy and configure
event data store
create an event data store
Single Region Architecture: AWS CloudTrail Lake Integration
CloudTrail Lake Integration in the Management Console