
Receive and enrich cloud root login notifications in AWS using Tines and CloudTrail logs

This story receives SNS notifications for AWS root user logins on a Tines webhook. Tines first sends an initial email alerting the team to the login. It then queries the AWS CloudTrail logs for the root user during a 10-minute period of the alert and enriches the IP addresses linked to each logged event to identify their location. Finally, it sends the team an email with the enriched logs of the actions performed by the root user for further analysis.
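The CloudTrail filtering and per-IP grouping steps described above, sketched in Python as an added example (not part of the Tines story itself). It assumes the 10-minute window starts at the alert's event time; the function names and the sample records are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

def parse_time(ts):
    # CloudTrail eventTime is ISO 8601 in UTC, e.g. 2024-05-01T12:00:03Z
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def root_events_in_window(records, alert_time, minutes=10):
    """Root-user records from alert_time to alert_time + minutes, oldest first."""
    start = parse_time(alert_time)
    end = start + timedelta(minutes=minutes)  # assumed window placement
    hits = [r for r in records
            if r.get("userIdentity", {}).get("type") == "Root"
            and start <= parse_time(r["eventTime"]) <= end]
    return sorted(hits, key=lambda r: parse_time(r["eventTime"]))

def group_by_source_ip(events):
    """Split events into {ip: [eventName, ...]} and names with no usable IP."""
    by_ip, no_ip = defaultdict(list), []
    for e in events:
        src = e.get("sourceIPAddress", "")
        try:
            ipaddress.ip_address(src)
        except ValueError:
            # CloudTrail can record a service name here instead of an address
            no_ip.append(e["eventName"])
            continue
        by_ip[src].append(e["eventName"])
    return dict(by_ip), no_ip

def rec(time, name, ip, identity="Root"):
    return {"eventTime": time, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"type": identity}}

# Constructed sample records (documentation-range IPs), not real log data
SAMPLE = [
    rec("2024-05-01T12:03:10Z", "CreateAccessKey", "203.0.113.20"),
    rec("2024-05-01T12:00:03Z", "ConsoleLogin", "198.51.100.7"),
    rec("2024-05-01T12:04:00Z", "ListBuckets", "198.51.100.7", "IAMUser"),
    rec("2024-05-01T12:05:00Z", "GetAccountSummary", "AWS Internal"),
    rec("2024-05-01T12:15:00Z", "DeleteTrail", "198.51.100.7"),
]

if __name__ == "__main__":
    events = root_events_in_window(SAMPLE, "2024-05-01T12:00:03Z")
    print(group_by_source_ip(events))
```

Only the addresses in the first returned mapping need a location lookup; a root action from an address other than the login's, as in the sample, is the kind of detail the enriched email brings out.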

Tools

AWS

How it works

Import this story to your tenant, from where you can adapt it to meet your unique needs.
