Lacework Support of CloudTrail's S3 Data Event Log Scanning

  • 5 September 2023
  • 1 reply
  • 157 views

Is Lacework planning to support the scanning of CloudTrail's S3 Data Event Logs, which include actions like PUT, GET, HEAD, etc.?

This capability would be instrumental in identifying potentially compromised accounts or detecting leaked access keys.

If this feature is in the roadmap, what is the anticipated timeline for its roll-out?

Reference: https://repost.aws/knowledge-center/cloudtrail-data-management-events

  • Agent: N/A
  • Platform: Using Lacework/Operationalizing
  • Cloud: AWS


1 reply

Hi @JoeCloud, that’s a good question - we already have a specific Composite Alert that should cover that use case: https://docs.lacework.net/console/restricted/potentially-compromised-AWS-keys
That covers a large range of detections from multiple sources, including CloudTrail and also Lacework’s anomaly detection and threat intel.

Would be good to understand if there is additional value in bringing in S3 data event log scanning and what scenarios of account compromise it can help us detect that we aren’t already. Would love your insights on this - please post here and/or send me a private message.
