Posted On: Sep 10, 2020

CloudTrail Insights now helps you correlate user identities, user agents, and error codes associated with unusual levels of API activity. You can identify the IAM users and roles with the highest levels of API activity during periods of both anomalous and normal activity. This capability helps you analyze and act on anomalies without manually searching through a large number of CloudTrail events.

Amazon CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your Amazon Web Services account. CloudTrail Insights, a feature of CloudTrail, helps you identify anomalous operational activity in your Amazon Web Services accounts, such as spikes in resource provisioning, bursts of Amazon Identity and Access Management (IAM) actions, or gaps in periodic maintenance activity.

To get started, you'll need to have CloudTrail Insights enabled on at least one trail. After you log Insights events, choose an Insights event in your Amazon CloudTrail console to view the event's details, and open the Attributions tab. You'll see statistics about up to the top five user identities, user agents, and error codes associated with the Insights event.  
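The attribution statistics are also carried in the Insights event record, so the anomalous-versus-normal comparison can be made outside the console. The following is an added example, not part of the original announcement; it assumes the record layout `insightDetails.insightContext.attributions` with `insight` and `baseline` lists, and the sample event, ARNs and averages are constructed.

```python
import json

# Constructed sample: an Insights event record trimmed to the fields used here.
# ARNs, error codes and averages are made up for illustration.
SAMPLE_EVENT = json.loads("""
{
  "insightDetails": {
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateAccessKey",
    "insightType": "ApiCallRateInsight",
    "insightContext": {
      "attributions": [
        {"attribute": "userIdentityArn",
         "insight":  [{"value": "arn:aws:iam::111122223333:user/build-bot", "average": 0.5},
                      {"value": "arn:aws:sts::111122223333:assumed-role/ops/alice", "average": 6.0}],
         "baseline": [{"value": "arn:aws:iam::111122223333:user/build-bot", "average": 0.4}]},
        {"attribute": "errorCode",
         "insight":  [{"value": "AccessDenied", "average": 5.5}, {"value": "null", "average": 1.0}],
         "baseline": [{"value": "null", "average": 0.4}]}
      ]
    }
  }
}
""")

def summarize_attributions(event, top_n=5):
    """Per attribute, rank values by insight-period average beside their baseline average."""
    context = event.get("insightDetails", {}).get("insightContext", {})
    summary = {}
    for block in context.get("attributions", []):
        baseline = {e["value"]: e["average"] for e in block.get("baseline", [])}
        rows = [
            {"value": e["value"],
             "insight": e["average"],
             "baseline": baseline.get(e["value"], 0.0),
             # A value with no baseline entry was not seen during normal activity.
             "new": e["value"] not in baseline}
            for e in block.get("insight", [])
        ]
        rows.sort(key=lambda r: r["insight"], reverse=True)
        summary[block["attribute"]] = rows[:top_n]
    return summary

if __name__ == "__main__":
    for attribute, rows in summarize_attributions(SAMPLE_EVENT).items():
        for r in rows:
            flag = " (not in baseline)" if r["new"] else ""
            print(f"{attribute}: {r['value']} insight={r['insight']} baseline={r['baseline']}{flag}")
```

Identities or error codes that rank high during the insight period but have no baseline entry are the ones to review first.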

To learn more about Amazon CloudTrail Insights, see the Amazon CloudTrail page.