Monitor Amazon Web Services (AWS)

The Tenable Log Correlation Engine Web Query Client queries the AWS CloudTrail API in order to monitor events supported by CloudTrail. These events can be viewed in Tenable Security Center and used to identify irregular activity in AWS. In order to monitor CloudTrail events, you must enable CloudTrail, attach the necessary policy to IAM users or groups, and configure the Web Query Client policy to make calls to the CloudTrail API. Additionally, you can limit the amount of bandwidth the Web Query Client will use when communicating with CloudTrail, and monitor the hardware statistics of the host where the Web Query Client is installed.