AWS CloudTrail monitors and records account activity across your AWS infrastructure, giving you control over storage, analysis, and remediation actions.
AlertOps’ alert management system can be integrated with CloudTrail to receive and respond to critical alarms/alerts (as defined by predefined status mappings) through email, SMS, push notification or phone alerts. AlertOps ensures that each alert reaches the appropriate team by using proper workflows, escalation policies and schedules. Based on your ruleset, incidents can be automatically opened and closed, depending on whether CloudTrail reports a problem or a recovery.

This integration is possible because AlertOps has a very flexible and simple API/Webhook configuration feature that can be leveraged with CloudTrail’s auditing and action capabilities.
You can send alerts from CloudTrail to AlertOps.
- AlertOps will automatically create an incident when a new alert is received from CloudTrail and the Message^NewStateValue contains “ALARM”.
- If an alert with status “ALARM” matches an existing Open Alert, AlertOps will recognize the new alert as a duplicate and ignore the alert.
- The alert will be recorded in the Inbound Messages table as “Mapped Appended.”
- AlertOps will automatically close the same incident when it receives an alert whose Message^NewStateValue contains “OK/INSUFFICIENT”.
These are examples of just some of the things you can do with CloudTrail and AlertOps.
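The status-mapping rules above can be modeled as a small state machine. This is an added example, not AlertOps' or AWS's own code. It assumes the alert arrives as an SNS-style JSON envelope whose `Message` field is a JSON string, and that alerts are matched to open incidents by `AlarmName`. Every outcome label except “Mapped Appended” is hypothetical, and the sample payloads are constructed.

```python
import json

def sample(alarm, state):
    """Constructed sample payload: envelope with a JSON-encoded Message string."""
    inner = json.dumps({"AlarmName": alarm, "NewStateValue": state})
    return json.dumps({"Type": "Notification", "Message": inner})

class IncidentTracker:
    """Illustrative model of the open / duplicate / close rules."""

    def __init__(self):
        self.open_incidents = {}  # AlarmName (assumed match key) -> incident id
        self.inbound_log = []     # (key, state, outcome) per inbound message
        self._next_id = 1

    def _record(self, key, state, outcome):
        self.inbound_log.append((key, state, outcome))
        return outcome

    def handle(self, raw_body):
        message = json.loads(raw_body).get("Message")
        # Message^NewStateValue: NewStateValue is nested inside Message,
        # which may itself need a second JSON decode.
        if isinstance(message, str):
            try:
                message = json.loads(message)
            except json.JSONDecodeError:
                message = None
        if not isinstance(message, dict) or not message.get("AlarmName"):
            return self._record(None, None, "Unmapped")
        key = message["AlarmName"]
        state = str(message.get("NewStateValue", ""))
        if "ALARM" in state:
            if key in self.open_incidents:
                # Duplicate of an open alert: logged, no second incident.
                return self._record(key, state, "Mapped Appended")
            self.open_incidents[key] = self._next_id
            self._next_id += 1
            return self._record(key, state, "Opened")
        if "OK" in state or "INSUFFICIENT" in state:
            if self.open_incidents.pop(key, None) is not None:
                return self._record(key, state, "Closed")
            return self._record(key, state, "No Open Incident")
        return self._record(key, state, "Unmapped")

if __name__ == "__main__":
    tracker = IncidentTracker()
    for state in ("ALARM", "ALARM", "INSUFFICIENT_DATA", "OK"):
        print(state, "->", tracker.handle(sample("cpu-high", state)))
```

Payloads that fail to decode or carry no alarm name are logged as unmapped rather than opening or closing anything, which keeps a malformed webhook call from silently closing an incident.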