Comment on page
AWS CloudTrail Lake
We have an available CloudTrail Lake integration that you can use for your deployment.
Ingest events from the Antivirus for Amazon S3 console into AWS CloudTrail Lake to enhance incident response, simplify audits, and streamline operational troubleshooting related to malware and sensitive data discovery.
With the newly launched PutAuditEvents API for AWS CloudTrail Lake, CSS has created a simple integration for you to capture user activity and events from the CSS console. In just a few steps, you can consolidate CSS activity logs together with AWS activity logs in CloudTrail Lake without having to build or manage the event data pipeline.
Single Region Architecture: AWS CloudTrail Lake Integration
CSS uses the AWS PutAuditEvents API to send application activity from CSS to CloudTrail and we’ve streamlined integration setup in the CSS console. After you subscribe, deploy and configure the CSS console, simply go to Configuration in the main menu, select Console Settings, and in the CloudTrail Lake Integration section, enable the integration and follow the prompts to connect CSS and CloudTrail Lake. By enabling the integration in CSS, everything is done for you, including creation of the event data store.
CloudTrail Lake Integration in the Management Console
Alternatively, you can set up the integration in AWS CloudTrail. Before you can ingest events into CloudTrail, you will need to create an event data store in CloudTrail Lake to log events. Next, discover and enable the CSS integration by navigating to the CloudTrail console where you have a CloudTrail Lake event data store enabled. From there, you will be guided on how to stream events from the CSS console.
No matter which integration process you follow, once the event data store is created and CSS events are loaded into CloudTrail Lake, you will be able to search, query, and analyze a consolidated view of activity relating to security, audit, or operational incidents using CloudTrail Lake.