AWS CloudTrail integration with Incident Response

The AWS CloudTrail integration enables automated response workflows for activity that could affect compliance and security in your AWS ecosystem. Incident Response lets you group alerts alongside other ongoing issues, and it integrates with systems of record such as JIRA and SNOW. This is a one-way integration: alerts are sent to Incident Response.

What does Incident Response offer AWS CloudTrail users?

Use the AWS integration to send CloudTrail alerts to Incident Response.

Incident Response acts as a handler for these alerts and determines the right people to notify based on escalation policies, previously provided points of contact, and on-call schedules. Users are notified based on their notification preferences. Alerts are escalated until they are acknowledged or closed.

Functionality of the integration

Whenever AWS CloudTrail creates a new log file, an alert is created in Lightstep Incident Response.