Monitoring AWS CloudTrail using Wazuh
Overview
This project walks you through integrating AWS CloudTrail with Wazuh to monitor and alert on AWS account activity. CloudTrail records all API calls (via AWS Console, CLI, or SDK), delivers them to an S3 bucket, and Wazuh’s aws-s3 module ingests and parses these logs for security visibility.
By the end of this project, you will:
- Enable a CloudTrail trail and configure it to deliver logs to S3.
- Configure Wazuh to fetch and decode CloudTrail logs from S3.
- Generate AWS activity and verify alerts inside Wazuh Dashboard.
What You'll Learn
- CloudTrail Integration: how to forward CloudTrail logs into Wazuh using the aws-s3 module.
- Real-time Security Visibility: detect suspicious or risky AWS actions such as IAM changes or public S3 bucket policies.
- Hands-on AWS Security Monitoring: practical skills to monitor, alert on, and investigate cloud account events.
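To make the detection goals above concrete, here is an added example (not part of the course material or Wazuh's own ruleset) that parses a CloudTrail delivery object in the gzipped-JSON form S3 receives it and flags two of the risky actions named on this page: IAM write actions and a PutBucketPolicy that grants access to everyone. The sample records, account id, bucket and user names are constructed placeholders; the field layout (eventSource, eventName, userIdentity, requestParameters) follows CloudTrail's record format.

```python
import gzip
import json

# IAM write actions worth alerting on (a starter set, not Wazuh's ruleset).
IAM_WRITE_EVENTS = {
    "CreateUser", "CreateAccessKey", "AttachUserPolicy",
    "PutUserPolicy", "AttachRolePolicy", "UpdateAssumeRolePolicy",
}

def load_records(raw_gz: bytes) -> list:
    """Parse one CloudTrail delivery object: gzipped JSON with a top-level 'Records' list."""
    return json.loads(gzip.decompress(raw_gz))["Records"]

def policy_is_public(policy) -> bool:
    """True if any Allow statement names the wildcard principal (everyone)."""
    if isinstance(policy, str):          # the policy may arrive as a JSON string
        policy = json.loads(policy)
    for stmt in (policy or {}).get("Statement", []):
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if stmt.get("Effect") == "Allow" and wildcard:
            return True
    return False

def triage(records: list) -> list:
    """Return (finding, detail, actor) tuples for the risky actions this page names."""
    findings = []
    for ev in records:
        name, source = ev.get("eventName", ""), ev.get("eventSource", "")
        actor = ev.get("userIdentity", {}).get("arn", "unknown")
        params = ev.get("requestParameters") or {}
        if source == "iam.amazonaws.com" and name in IAM_WRITE_EVENTS:
            findings.append(("iam_change", name, actor))
        elif (source == "s3.amazonaws.com" and name == "PutBucketPolicy"
              and policy_is_public(params.get("bucketPolicy"))):
            findings.append(("public_bucket_policy", params.get("bucketName", "?"), actor))
    return findings

# Constructed sample delivery (placeholder account id, bucket and user names).
SAMPLE_GZ = gzip.compress(json.dumps({"Records": [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateAccessKey",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "bob"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "bucketPolicy": {
         "Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}]}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"bucketName": "example-bucket", "key": "index.html"}},
]}).encode())

if __name__ == "__main__":
    for finding in triage(load_records(SAMPLE_GZ)):
        print(finding)
```

The same conditions are what a Wazuh rule would match on once the aws-s3 module has decoded the records; running the script over a real delivery object shows which events would have raised an alert.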
About Trainer
Rajneesh Gupta
Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.