Posted On: Nov 15, 2023

Today Amazon Web Services, Inc. (AWS) announces the availability of AWS CloudTrail Insights as a data source in AWS CloudTrail Lake. CloudTrail Lake is a managed data lake that lets you aggregate, immutably store, query and visualize your activity logs for auditing, security investigations and operational troubleshooting. CloudTrail Insights helps you identify unusual operational activity in your AWS accounts such as spikes in resource provisioning or bursts of AWS Identity and Access Management (IAM) actions. Until today, CloudTrail Insights were only available to customers using CloudTrail trails. Now, with CloudTrail Lake, you can analyze both your Insights events and AWS management events, helping you correlate the unusual activity with the AWS management events that could have led to it. You can also use the curated CloudTrail Lake dashboards to get an overview of anomalous behavior in your account including the type of Insights generated on your accounts or the source of these Insights.

To get started, create a CloudTrail Lake event data store to collect Insights events, using the CloudTrail Lake console, the AWS API, or the AWS CLI. This allows any Insights events generated at an account or organization level to be delivered to the specified CloudTrail Lake event data store.

Please refer to CloudTrail Lake pricing to understand ingestion and query charges for using this feature. CloudTrail Insights charges also apply. This new capability is available in all AWS Regions where AWS CloudTrail Lake is available.