USM for AWS provides you with operational visibility into the security of your AWS environment. By analyzing data generated by your environment, USM for AWS provides real-time alerting to identify malicious activity. Now you will be able to answer questions such as:
- Have my API credentials been compromised?
- Have I configured my security groups securely?
- Has anyone created new user accounts?
- Are new instance types being used in my environment?
- Where are my teammates accessing Amazon from?
To answer these questions, you will gather data from your environment, which USM for AWS then analyzes to detect malicious activity and suspicious behavior. At its best, the following information will be collected from your environment:
- Monitor the AWS CloudTrail Log
- Monitor ELB Access Logs
- Monitor S3 Access Logs
- Monitor the operational logs for any critical software packages deployed, for example HTTP servers, database servers, etc.
- Monitor the OS-level logs for any critical instances
- Perform asset profiling on your instances to monitor installed software packages, running processes and services
- Perform periodic vulnerability assessments
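As an added example (not USM for AWS code and not part of the original page), the following Python shows how several of the questions above map onto fields in CloudTrail records: new IAM users, instance types not seen before, security group rules opened to `0.0.0.0/0`, and the source IPs each identity calls from. The account ID, user names, IPs and group ID are constructed sample values, `known_types` is a hypothetical baseline parameter, and only IPv4 ranges are checked.

```python
# Constructed CloudTrail-style records (sample data, not from a real account).
RECORDS = [
    {"eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instanceType": "t2.micro"}},
    {"eventName": "CreateUser", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"userName": "svc-backup"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"groupId": "sg-0abc", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventName": "RunInstances", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"instanceType": "p3.16xlarge"}},
]

def open_ports(params):
    """Return (fromPort, toPort) pairs that a rule change opens to 0.0.0.0/0."""
    hits = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for rng in (perm.get("ipRanges") or {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                hits.append((perm.get("fromPort"), perm.get("toPort")))
    return hits

def analyze(records, known_types=frozenset()):
    """Scan records in order; return (findings, source IPs seen per identity)."""
    findings, sources, seen_types = [], {}, set(known_types)
    for rec in records:
        who = (rec.get("userIdentity") or {}).get("arn", "unknown")
        params = rec.get("requestParameters") or {}
        sources.setdefault(who, set()).add(rec.get("sourceIPAddress"))
        name = rec.get("eventName")
        if name == "CreateUser":
            findings.append(("new_user", who, params.get("userName")))
        elif name == "RunInstances":
            itype = params.get("instanceType")
            if itype and itype not in seen_types:
                seen_types.add(itype)  # report each new type only once
                findings.append(("new_instance_type", who, itype))
        elif name == "AuthorizeSecurityGroupIngress":
            for ports in open_ports(params):
                findings.append(("open_ingress", who, (params.get("groupId"), *ports)))
    return findings, sources

if __name__ == "__main__":
    for finding in analyze(RECORDS, known_types={"t2.micro"})[0]: print(finding)
```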