CloudTrail

The CloudTrail Matano managed log source lets you ingest your AWS CloudTrail logs directly into Matano.

Usage

Use the managed log source by specifying the managed.type property in your log_source as AWS_CLOUDTRAIL.

managed:
  type: "AWS_CLOUDTRAIL"

Transformation

CloudTrail data is normalized to standard ECS fields. Custom fields are normalized into the aws field. You can view the complete mapping to see the specific field mappings.
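
An added illustration of the normalization described above, not Matano's transformation code. The field pairs follow common ECS usage for CloudTrail and are assumptions, as are the `aws.cloudtrail` sub-key and the constructed sample records; the complete mapping is authoritative.

```python
import ipaddress

# Assumed CloudTrail -> ECS field pairs (illustrative, not Matano's mapping).
ECS_MAP = {
    "eventName": "event.action",
    "eventSource": "event.provider",
    "awsRegion": "cloud.region",
    "recipientAccountId": "cloud.account.id",
    "userAgent": "user_agent.original",
    "sourceIPAddress": "source.address",
}

def set_path(doc, dotted, value):
    """Set a nested key such as 'cloud.account.id' inside doc."""
    *parents, leaf = dotted.split(".")
    for key in parents:
        doc = doc.setdefault(key, {})
    doc[leaf] = value

def normalize(raw):
    """Return an ECS-shaped copy of one CloudTrail record."""
    out = {}
    for src, dst in ECS_MAP.items():
        if raw.get(src) is not None:
            set_path(out, dst, raw[src])
    # sourceIPAddress may hold an AWS service name instead of an address,
    # so only populate the typed source.ip field when it parses as an IP.
    addr = raw.get("sourceIPAddress")
    if addr:
        try:
            set_path(out, "source.ip", str(ipaddress.ip_address(str(addr))))
        except ValueError:
            pass
    # Everything without an ECS home is kept under the aws field.
    custom = {k: v for k, v in raw.items() if k not in ECS_MAP}
    if custom:
        set_path(out, "aws.cloudtrail", custom)
    return out

# Constructed sample records (not real log data).
SAMPLE_USER = {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
               "awsRegion": "us-east-1", "recipientAccountId": "111122223333",
               "sourceIPAddress": "203.0.113.10", "userAgent": "Mozilla/5.0",
               "eventID": "constructed-1"}
SAMPLE_SERVICE = {"eventName": "Decrypt", "eventSource": "kms.amazonaws.com",
                  "sourceIPAddress": "cloudtrail.amazonaws.com",
                  "eventID": "constructed-2"}
```

Detections that filter on `source.ip` will not see service-originated events like the second sample, so match on `source.address` when those calls matter.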