The Log Analysis for AWS CloudTrail application provides out-of-the-box dashboards. You can use the dashboards to analyze and audit all types of events in your Amazon Web Services (AWS) account. The following dashboards are provided: Overview, Logon Auditing, S3 Data Event, IAM Auditing, and Network and Security Auditing.

Prerequisites

A Log Analysis for CloudTrail configuration is created. For more information, see Import Logs from AWS CloudTrail to Log Service.

Procedure

Important This topic is proprietary information of Alibaba Cloud, and describes the capabilities that are provided by Alibaba Cloud to interact with third-party services. Therefore, the names of third-party companies and services may be referenced in this topic.
  1. Log on to the Log Service console.
  2. On the Audit & Security tab in the Log Application section, click Log Analysis for AWS CloudTrail.
  3. In the left-side navigation pane, click the report that you want to view in the Data Reports section.
  4. In the upper-left corner of the page that appears, select the Log Analysis for AWS CloudTrail configuration.

Overview

The Overview dashboard displays the statistics on all events that are recorded by AWS CloudTrail in charts. The information includes the number of events, number of source services, number of source regions, number of Insights events, distribution of event types, distribution of source regions, and event trends.

Overview

Logon Auditing

The Logon Auditing dashboard displays information about the sign-in events that are recorded by AWS CloudTrail in charts. The information includes the distribution of global sign-in events, trends of successful sign-in events and failed sign-in events, distribution of failed authentication events, and global distribution of failed authentication events.

Logon Auditing

S3 Data Event

The S3 Data Event dashboard displays information about Amazon Simple Storage Service (S3) data events that are recorded by AWS CloudTrail in charts. The information includes the list of buckets, number of operations on objects, number of read operations on objects, number of write operations on objects, number of delete operations on objects, and trend of operations on objects.

Note The dashboard displays data only if data events exist in AWS CloudTrail that you configured. For more information, see Data events.
Data events

IAM Auditing

The IAM Auditing dashboard displays information about Identity and Access Management (IAM) events that are recorded by AWS CloudTrail in charts. The information includes the number of error events, distribution of IAM error events, list of error events, distribution of user change events, and list of user change events.

IAM Auditing

Network and Security Auditing

The Network and Security Auditing dashboard displays information about network and security events that are recorded by AWS CloudTrail in charts. The information includes the distribution of change events for virtual private clouds (VPCs), list of change events for VPCs, distribution of change events for network firewalls, and list of change events for network firewalls.

Network and Security Auditing