Review AWS Events in Tenable Security Center

To review AWS Events in Tenable Security Center:

  1. Navigate to Tenable Security Center and log on with a user account that has permission to view logs for the organization.

    A dashboard that corresponds to the user role appears.

  2. In the top navigation bar, click Analysis, and then click the Events link.

    The Event Analysis page appears, displaying the Type Summary section.

  3. Click the Type Summary button, and then select Normalized Event Summary.

    The Normalized Event Summary section appears.

  4. In the upper-left corner of the page, click .

    The Filters pane appears.

  5. Click the Select Filters button

  6. In the Add Filter window, select Normalized Event.
  7. Click the Apply button.

  8. Click the Normalized Event box.

  9. In the Normalized Event window, type AWS-*.
  10. Click OK.

  11. In the Filters pane, click the Apply All button.

    In the Normalized Event Summary section, the list of events is filtered and displays only events that start with AWS-.

    The AWS events available will be based on the monitored activity logged by AWS CloudTrail. For a list of specific events, you can click an AWS event type (e. g., AWS-Console_Login) listed in the Normalized Event Summary section. You can also click the Jump to Raw Syslog Events link to directly view the log data.

  12. At the top of the Event Analysis page, click the Normalized Event Summary button, and then select Detailed Event Summary.

    The Detailed Event Summary section appears.

    For a list of specific events, click an AWS event (e. g., ConsoleLogin) listed in the Detailed Event Summary section.