Detect Suspicious Activity in Your AWS Account by Using Private Decoy Resources
Start with a search for the “CloudTrail” service from the AWS dashboard:
Click on the “Create a trail” button from the CloudTrail dashboard:
Click on the “Create trail” button after typing the name of the trail:
Once the trail is created, simply head into the S3 bucket attached to the trail by clicking on its link:
In the S3 bucket, the log location has been created, and it will hold the files created for each activity. Click on the “Upload” button:
Click on the “Add files” button or drag and drop the file to upload it to the S3 bucket:
The file is added to the “Files and folders” section:
After that, simply scroll down the page to click on the “Upload” button:
Once the file is uploaded to the S3 bucket, simply head into the AWSLogs link to detect activities:
Simply click on the account ID link from the page:
Head into the “CloudTrail” folder by clicking on its link:
Head into the region by clicking on its link:
Click on the year to head into it:
Next comes the month in which the activity occurred; simply head into it:
After that, click on the date:
Here the platform has placed the JSON file, which contains the trail of the activities:
You have successfully created a trail on the CloudTrail dashboard.
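The folder path walked through above and the JSON file at the end of it can also be read with a script. The following is an added example, not part of the original walkthrough: it parses a log object key into account, region and date, then lists the S3 events that name the uploaded decoy file. The account ID, bucket name, object name, users and log records are constructed for illustration.

```python
import gzip
import json
import re

# Key layout: AWSLogs/<account ID>/CloudTrail/<region>/<year>/<month>/<day>/<file>
KEY_RE = re.compile(
    r"AWSLogs/(?P<account>\d{12})/CloudTrail/(?P<region>[a-z0-9-]+)/"
    r"(?P<year>\d{4})/(?P<month>\d{2})/(?P<day>\d{2})/[^/]+\.json(?:\.gz)?$")

def parse_key(key):
    """Split a log object key into account, region and date; None if it is not a trail log."""
    m = KEY_RE.search(key)
    return m.groupdict() if m else None

def load_records(blob):
    """Return the Records list of a log file, given gzip-compressed or plain JSON bytes."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])

def decoy_hits(records, bucket, key):
    """Return a summary of every S3 event that names the decoy object."""
    hits = []
    for rec in records:
        params = rec.get("requestParameters") or {}  # null for some calls
        if (rec.get("eventSource") == "s3.amazonaws.com"
                and params.get("bucketName") == bucket and params.get("key") == key):
            hits.append({"time": rec.get("eventTime"), "event": rec.get("eventName"),
                         "who": (rec.get("userIdentity") or {}).get("arn"),
                         "ip": rec.get("sourceIPAddress")})
    return hits

# Constructed sample data (hypothetical account, bucket, object and user names).
SAMPLE_KEY = ("AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/15/"
              "111122223333_CloudTrail_us-east-1_20240115T1200Z_EXAMPLE.json.gz")
SAMPLE_LOG = gzip.compress(json.dumps({"Records": [
    {"eventTime": "2024-01-15T11:58:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "requestParameters": None,
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-15T11:59:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.25",
     "requestParameters": {"bucketName": "example-trail-bucket", "key": "decoy-file.txt"},
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"}},
]}).encode())

if __name__ == "__main__":
    print(parse_key(SAMPLE_KEY))
    for hit in decoy_hits(load_records(SAMPLE_LOG), "example-trail-bucket", "decoy-file.txt"):
        print(hit)
```

Object-level S3 calls such as GetObject are CloudTrail data events, so they appear in these files only when the trail is configured to log data events for the bucket.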
Conclusion
To detect suspicious activities in your AWS account, simply head into the CloudTrail service and create a trail that will create files for each activity with its data and region. All the files are placed inside the S3 bucket created at the time of trail creation, and the files can be downloaded from the S3 bucket. If a user is suspected of any suspicious activity, simply head into the S3 bucket and download the JSON file.