AWS CloudTrail Lake's latest capabilities will improve your cloud visibility and investigations.
AWS CloudTrail Lake, a managed data lake for operational troubleshooting, security investigations, and audits, has been updated. It lets you aggregate, immutably store, and query events captured by AWS CloudTrail.
The latest enhancements to CloudTrail Lake are:
- Better options for CloudTrail event filtering
- Cross-account sharing of event data stores
- General availability of generative AI-powered natural language query generation
- AI-powered query result summarization (in preview)
- Comprehensive dashboard capabilities include a high-level overview dashboard with AI-powered insights (AI-powered insights is under preview), the ability to create custom dashboards with scheduled refreshes, and a suite of 14 pre-built dashboards for various use cases.
Let's take a closer look at each of the new features.
Enhanced filtering of CloudTrail events ingested into event data stores
Enhanced event filtering gives you more control over which CloudTrail events are ingested into your event data stores. This improves the efficiency and precision of security, compliance, and operational investigations, and it reduces the cost of analysis because only the most relevant events are ingested into your CloudTrail Lake event data stores. Properties such as sessionCredentialFromConsole, userIdentity.arn, eventSource, eventType, and eventName can be used to filter both management and data events.
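The filter properties listed above are expressed as advanced event selectors. The following is an added example, not code from AWS or from the original article: a local dry run that shows which constructed sample events a selector would ingest. The role name, account ID, ARNs and events are made up, and the matching rules (field selectors ANDed within a selector, selectors ORed, a missing field compared as an empty string) are an assumed approximation of the service's behaviour.

```python
# Added example: dry run of advanced event selectors against constructed events.
OPS = {  # assumed semantics: values within one operator are ORed
    "Equals": lambda v, xs: v in xs,
    "NotEquals": lambda v, xs: v not in xs,
    "StartsWith": lambda v, xs: any(v.startswith(x) for x in xs),
    "NotStartsWith": lambda v, xs: not any(v.startswith(x) for x in xs),
    "EndsWith": lambda v, xs: any(v.endswith(x) for x in xs),
    "NotEndsWith": lambda v, xs: not any(v.endswith(x) for x in xs),
}

def field_value(event, dotted):
    """Resolve paths such as 'userIdentity.arn'; a missing field yields ''."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return ""
        cur = cur[part]
    return str(cur)

def ingested(selectors, event):
    """True if any selector matches; inside a selector every field must match."""
    return any(
        all(OPS[op](field_value(event, fs["Field"]), fs[op])
            for fs in sel["FieldSelectors"] for op in OPS if op in fs)
        for sel in selectors)

ARN = "arn:aws:iam::111122223333:user/alice"  # constructed identities
SCANNER = "arn:aws:sts::111122223333:assumed-role/ExampleScannerRole/"
SELECTORS = [{"Name": "IAM/STS API calls outside the console, minus the scanner",
    "FieldSelectors": [
        {"Field": "eventCategory", "Equals": ["Management"]},
        {"Field": "eventSource", "Equals": ["iam.amazonaws.com", "sts.amazonaws.com"]},
        {"Field": "eventType", "Equals": ["AwsApiCall"]},
        {"Field": "sessionCredentialFromConsole", "NotEquals": ["true"]},
        {"Field": "userIdentity.arn", "NotStartsWith": [SCANNER]}]}]

def ev(source, name, arn=ARN, **extra):  # builds a constructed sample event
    return {"eventCategory": "Management", "eventType": "AwsApiCall",
            "eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}, **extra}

EVENTS = [ev("iam.amazonaws.com", "CreateAccessKey"),
          ev("iam.amazonaws.com", "AttachRolePolicy", sessionCredentialFromConsole="true"),
          ev("ec2.amazonaws.com", "DescribeInstances"),
          ev("sts.amazonaws.com", "GetCallerIdentity", arn=SCANNER + "scan-1")]

def dry_run(selectors, events):
    return [e["eventName"] for e in events if ingested(selectors, e)]

if __name__ == "__main__":
    print(dry_run(SELECTORS, EVENTS))
```

Every event the selector drops is no longer queryable in the event data store, so a dry run over a sample of your own events shows what visibility a cost-saving filter gives up.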
Cross-account sharing of event data stores
Cross-account sharing of event data stores improves collaborative analysis. You can securely share event data stores with selected AWS principals through resource-based policies (RBP). Authorized principals can then query shared event data stores within the same AWS Region in which they were created.
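Sharing through a resource-based policy is only as tight as the policy document. The following is an added example, not code from AWS or from the original article: a small review function that flags statements in a sharing policy that name untrusted or wildcard principals, grant more than query access, or point at a different resource. The ARNs, account IDs and policy are constructed, and the query-only action list is an assumption to adapt to your own sharing model.

```python
# Added example: review a CloudTrail Lake sharing policy before attaching it.
# Assumption: the set of actions treated as "query-only" for shared access.
QUERY_ACTIONS = {"cloudtrail:StartQuery", "cloudtrail:GetQueryResults",
                 "cloudtrail:DescribeQuery", "cloudtrail:CancelQuery",
                 "cloudtrail:ListQueries", "cloudtrail:GetEventDataStore"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def review_policy(policy, eds_arn, trusted_accounts):
    """Return findings for Allow statements broader than scoped query access."""
    findings = []
    for n, st in enumerate(as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in arns:
            # Principal is either a full ARN or a bare 12-digit account ID
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account not in trusted_accounts:
                findings.append(f"statement {n}: untrusted principal {arn}")
        for action in as_list(st.get("Action", [])):
            if action not in QUERY_ACTIONS:
                findings.append(f"statement {n}: action {action} is not query-only")
        if as_list(st.get("Resource", [])) != [eds_arn]:
            findings.append(f"statement {n}: resource is not the shared event data store")
    return findings

# Constructed sample input: placeholder event data store ARN and accounts.
EDS_ARN = "arn:aws:cloudtrail:us-east-1:111122223333:eventdatastore/EXAMPLE-eds-id"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ScopedAnalystAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::444455556666:role/ExampleIRAnalyst"},
     "Action": ["cloudtrail:StartQuery", "cloudtrail:GetQueryResults",
                "cloudtrail:GetEventDataStore"],
     "Resource": EDS_ARN},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Principal": {"AWS": "*"}, "Action": "cloudtrail:*", "Resource": EDS_ARN}]}

if __name__ == "__main__":
    for finding in review_policy(POLICY, EDS_ARN, {"444455556666"}):
        print(finding)
```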
Generative AI-powered natural language query generation in CloudTrail Lake is now generally available
In June, AWS made this capability available in preview form for CloudTrail Lake. With this launch, you can create SQL queries from natural language prompts to explore and analyze AWS activity logs (only management, data, and network activity events) without needing technical SQL expertise. The feature uses generative AI to transform natural language prompts into ready-to-use SQL queries that you can run in the CloudTrail Lake console. This makes it easier to explore event data stores and to retrieve information such as error counts, the most used services, and the causes of errors. For customers who prefer command-line operations, this feature is now also accessible through the AWS Command Line Interface (AWS CLI).
A first look at the generative AI-powered CloudTrail Lake query result summarization feature
Building on natural language query generation, AWS is introducing a new AI-powered query results summarization feature in preview to further speed up the review of AWS account activity. By automatically summarizing the key findings of your query results in natural language, this feature reduces the time and effort required to understand the information. It lets you quickly extract useful insights from your AWS activity logs (only management, data, and network activity events).
Comprehensive dashboard features
The new dashboard capabilities in CloudTrail Lake enhance analysis and visibility across all of your AWS deployments. The first is a Highlights dashboard that provides a brief summary of the management and data events captured by CloudTrail Lake and stored in event data stores. This dashboard makes it easy to quickly locate and understand important information, such as the most common failed API requests, trends in unsuccessful login attempts, and spikes in resource creation. It draws attention to any unusual trends or anomalies in the data.
Now available
The new functionality in AWS CloudTrail Lake is a major advancement in providing a comprehensive audit logging and analysis solution. By enabling deeper understanding and faster investigation, these enhancements support more proactive monitoring and faster incident resolution across your entire AWS environment.
Generative AI-powered natural language query generation is now available in CloudTrail Lake in the US East (N. Virginia), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Sydney), Asia Pacific (Tokyo), Canada (Central), and Europe (London) AWS Regions.
The CloudTrail Lake generative AI-powered query results summarization feature is available in preview in the US East (N. Virginia), US West (Oregon), and Asia Pacific (Tokyo) Regions.
Enhanced filtering options, cross-account sharing of event data stores, and dashboards are available in all Regions where CloudTrail Lake is available, with the exception of the Highlights dashboard's generative AI-powered summarization feature, which is only available in the US East (N. Virginia), US West (Oregon), and Asia Pacific (Tokyo) Regions.