• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

securitywing

Menu
  • About
  • Must Read
      • IIS Performance Boost
      • RFID Security
      • Web App Security Testing
      • How to Secure Home Network
      • Prevent Cross-Site Scripting Attacks
      • Renew Self-Signed Certificates
      • Penetration Testing Tools
      • VPN Concentrator
      • Forensic Investigation Tools
      • Digital Certificates
      • Cloud Security Issues
      • Advanced Evasion Prevention
      • Firewall Types
      • Tips to Prevent Data Exfiltration
      • Classified Info Handling
      • MySQL Security
      • Definition of 7 Types of Malware
      • VOIP Security
      • Why Antivirus Software Fails
      • 15 Network Security Vulnerabilities
      • Web App Security
      • IT Security Standards
      • Types of Virtualization
      • Android Security
      • Digital Signature
      • Advanced Malware Protection
    • Close
  • Consultancy
  • Contact

How to Query AWS CloudTrail Logs with Athena

by wing

AWS CloudTrail logs all the API calls made to the AWS account. You do not require any tool to view  the last 90 days of events. But if you want to view the logs older than three months you have to setup a S3 bucket to store it  and then you can analyse the logs.  This post aims to show you how you can use AWS Athena to view AWS logs stored in S3 bucket.

You can view the last 90 days of events. Choose an event to view more information about it. To view a complete log of your CloudTrail events, create a trail and then go to your Amazon S3 bucket or CloudWatch Logs.

Create a CloudTrail and store the logs in a S3 bucket

To create a trail, search for CloudTrail and then click on “create trail”. You can use a already created s3 bucket to store the logs or you can opt to create a new bucket while creating the trail.

create aws cloudtrail

Create a table for Athena

Once you finish creating the trail and assign a S3 bucket to it, you need to create a table in Athena.  Click on “event history” in the CloudTrail dashboard and then click on “Run advanced queries in Amazon Athena”.

run advanced queries in amazon athena

Next, select the bucket that you created for storing your logs and then click on “Create Table”.

create a table in Amazon Athena

Run the queries in Athena

Open the Athena dashboard and select the table. Next run the query. For instance to run the query for the event named ‘GetAccountPublicAccessBlock’.

select eventTime, eventName from cloudtrail_logs_your_bucket_name where eventName like ‘GetAccountPublicAccessBlock’

select eventTime, eventName from cloudtrail_logs_your_bucket_name where eventName like ‘DeleteActivity’

select eventTime, eventName from cloudtrail_logs_your_bucket_name where eventType like ‘AwsApiCall’

Note: replace the “your_bucket_name” by your own bucket name.

run query in Athena

Alternative solutions to query logs in S3 buckets

AWS ElasticWolf Client Console-https://aws.amazon.com/tools/aws-elasticwolf-client-console/

S3browser- http://s3browser.com/

Related Posts:

  • No Related Posts

Filed Under: AWS Tagged With: athena, cloudtrail, logs

Primary Sidebar

CISSP Sample Test

Take a CISSP Sample Test

CISA IT governance Sample test



Twitter Follow @securitywing

Categories

  • AWS
  • containers
  • Internet Security and Safety
  • IS Audit
  • IT Security Exams
  • Network Security Tips
  • Off Track
  • Telecom
  • Tutorial

Pages

  • About
  • Best IT Security Certification Exam
  • CISA IT governance Sample test
  • CISA Sample Test
  • CISSP Sample Test Online
  • Consultancy
  • Contact

Popular Posts

  • 3 Steps to Install Miniku...
  • How to install a new Goda...
  • 63 Web Application Securi...
  • How to Renew Self-Signed...
  • How to Setup AWS CloudFro...
  • Host Based IDS vs Network...
  • 8 Effective Ways to Impro...
  • Active vs Passive FTP Mod...
  • How to Configure AAA (TAC...
  • Top 10 RFID Security Conc...

Footer

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

antivirus audit AWS backup browser check cisco cloud computer cyber data database encryption firewall home hsrp ids informaiton internet intrusion it kubernetes linux load balancing malware network protection putty risk router security security tips server ssh SSL switch tools virus vpn vulnerability web webserver website windows wordpress

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com