Configure AWS CloudTrail by Subscribing to Existing Events

You can also ingest CloudTrail events into Tenable Cloud Security from an event bus that already exists in your account: an EventBridge rule on that bus matches the CloudTrail API-call events and publishes them to an SNS topic, and the SNS topic delivers them to a Tenable Cloud Security endpoint.

To connect an existing AWS CloudTrail account by subscribing to its existing EventBridge bus:

  1. In the AWS SNS console, create an SNS topic that will forward EventBridge events (formerly CloudWatch Events) to Tenable Cloud Security. Create it in the same region as the EventBridge rule you will add in step 3.

    For more information, see Creating an Amazon SNS topic in the Amazon Simple Notification Service documentation.

  2. Subscribe to the SNS topic with the following values:

    • Protocol: HTTPS. The console offers both HTTP and HTTPS; use HTTPS so that the CloudTrail event payloads are not delivered in cleartext.

    • Endpoint: Copy the endpoint URL from Tenable Cloud Security and paste it in the Endpoint box. SNS first sends a SubscriptionConfirmation message to the endpoint; the subscription delivers no events until it is confirmed.

      For more information, see Subscribing to an Amazon SNS topic in the Amazon Simple Notification Service documentation.

  3. Create an EventBridge rule on the default event bus of your AWS account that matches CloudTrail API-call events, with the following information:

    • Select the SNS topic created in the previous step as the target for the EventBridge rule. When you create the rule in the EventBridge console, the console adds a resource policy to the topic that allows the events.amazonaws.com service principal to call sns:Publish; if you create the rule with the CLI or infrastructure-as-code instead, add that topic policy yourself or the rule will fail to deliver.

    • Use the following JSON for Event pattern. It selects every API call that CloudTrail records as not read-only ("readOnly": [false]), so write operations such as creating, modifying or deleting resources are forwarded while Describe*, List* and Get* calls are dropped:

      {
        "detail": {
          "readOnly": [false]
        },
        "detail-type": ["AWS API Call via CloudTrail"]
      }

    For more information about creating an EventBridge rule, see Creating a CloudWatch Events Rule That Triggers on an Event.

    EventBridge rules are regional, and CloudTrail delivers "AWS API Call via CloudTrail" events to EventBridge only in regions that have a trail with logging enabled. Repeat step 3 (with a topic and subscription in that region) for every region whose events you want Tenable Cloud Security to receive.
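The three steps above, expressed as one CloudFormation template. This is an added example, not Tenable's or AWS's own code: it assumes a stack parameter named TenableEndpointUrl that carries the endpoint URL copied from Tenable Cloud Security, and the resource names (tenable-cloudtrail-events, tenable-cloudtrail-write-events) are illustrative. It uses the event pattern from step 3 unchanged and adds the SNS topic policy that the EventBridge console would otherwise create for you.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example (not Tenable's own code). Forwards non-read-only CloudTrail
  API-call events from this region's default EventBridge bus to an HTTPS
  endpoint through SNS. Deploy once per region that has a logging trail.

Parameters:
  TenableEndpointUrl:
    Type: String
    Description: Endpoint URL copied from Tenable Cloud Security (assumed https).
    AllowedPattern: "^https://.+"
    ConstraintDescription: Must be an https:// URL; events are not sent in cleartext.

Resources:
  # Step 1: the topic that carries events to Tenable Cloud Security.
  CloudTrailEventsTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: tenable-cloudtrail-events

  # EventBridge publishes to SNS as the events.amazonaws.com service principal.
  # The EventBridge console adds this policy automatically; CLI and
  # infrastructure-as-code deployments must add it explicitly.
  CloudTrailEventsTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref CloudTrailEventsTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowEventBridgePublish
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref CloudTrailEventsTopic

  # Step 2: HTTPS subscription. SNS sends a SubscriptionConfirmation message
  # to the endpoint first; no events flow until the endpoint confirms it.
  TenableSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref CloudTrailEventsTopic
      Protocol: https
      Endpoint: !Ref TenableEndpointUrl

  # Step 3: rule on the default bus using the event pattern from the page.
  # readOnly: [false] keeps write operations and drops Describe/List/Get calls.
  CloudTrailEventsRule:
    Type: AWS::Events::Rule
    Properties:
      Name: tenable-cloudtrail-write-events
      Description: Non-read-only AWS API calls recorded by CloudTrail
      State: ENABLED
      EventPattern:
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          readOnly:
            - false
      Targets:
        - Id: tenable-sns-topic
          Arn: !Ref CloudTrailEventsTopic

Outputs:
  TopicArn:
    Description: SNS topic receiving the forwarded CloudTrail events
    Value: !Ref CloudTrailEventsTopic
```

Deploy with `aws cloudformation deploy --template-file tenable-cloudtrail.yaml --stack-name tenable-cloudtrail --parameter-overrides TenableEndpointUrl=<URL from Tenable Cloud Security>` in each region that has a trail with logging enabled, then confirm in the SNS console that the subscription has left the PendingConfirmation state. Because EventBridge only receives CloudTrail management events in a region with an active trail, a stack deployed in a region without one creates a rule that never fires.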

Once the SNS subscription is confirmed, Tenable Cloud Security is connected to the AWS CloudTrail account and receives its event logs through the EventBridge rule and SNS topic.