# AWS CloudTrail Lake

Ingest events from the Antivirus for Amazon S3 console into AWS CloudTrail Lake to enhance incident response, simplify audits, and streamline operational troubleshooting related to malware and sensitive data discovery.

With the newly launched PutAuditEvents API for AWS CloudTrail Lake, CSS has created a simple integration for you to capture user activity and events from the CSS console. In just a few steps, you can consolidate CSS activity logs together with AWS activity logs in CloudTrail Lake without having to build or manage the event data pipeline.

<figure><img src="/files/H9KpZophitInGmOLNpfX" alt=""><figcaption><p>Single Region Architecture: AWS CloudTrail Lake Integration</p></figcaption></figure>

### Getting Started

CSS uses the AWS PutAuditEvents API to send application activity from CSS to CloudTrail and we’ve streamlined integration setup in the CSS console. After you [subscribe, deploy and configure](/getting-started/how-to-subscribe.md) the CSS console, simply go to Configuration in the main menu, select Console Settings, and in the CloudTrail Lake Integration section, enable the integration and follow the prompts to connect CSS and CloudTrail Lake. By enabling the integration in CSS, everything is done for you, including creation of the [event data store](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_EventDataStore.html).

<figure><img src="/files/Ge9mT0mUz0yptgDtFTEE" alt=""><figcaption><p>CloudTrail Lake Integration in the Management Console</p></figcaption></figure>

Alternatively, you can set up the integration in AWS CloudTrail. Before you can ingest events into CloudTrail, you will need to [create an event data store](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html) in CloudTrail Lake to log events. Next, discover and enable the CSS integration by navigating to the CloudTrail console where you have a CloudTrail Lake event data store enabled. From there, you will be guided on how to stream events from the CSS console.

No matter which integration process you follow, once the event data store is created and CSS events are loaded into CloudTrail Lake, you will be able to search, query, and analyze a consolidated view of activity relating to security, audit, or operational incidents using CloudTrail Lake.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.cloudstoragesec.com/how-it-works/integrations/integrations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.