AWS – CloudTrail Lake now supports event enrichment and expanded event size
Today, AWS announces two enhancements to CloudTrail Lake: Event enrichment, which makes it easier to categorize, search, and analyze your AWS activity; and expanded event size, which improves visibility into API actions for more comprehensive security analysis. CloudTrail Lake is a managed data lake that enables you to aggregate, immutably store, and analyze your activity logs at scale.
With event enrichment, you can enrich your CloudTrail management and data events with additional information relevant to your business context. You can append resource tags and select AWS global condition keys to your events, making it easy to categorize, search, and analyze your AWS activity. Using resource tags in your events, you can easily create application-specific activity reports, or view AWS API activity based on the properties of the IAM principal. For example, you can see all delete actions taken by principals with a specific Principal Tag. Event enrichment integrates with CloudTrail Lake’s analytical capabilities, including AI-powered natural language query and summarization (Preview).
With expanded event size, you can now increase the maximum event size to 1 MB, a significant increase from the 256 KB limit. This reduces the need for CloudTrail to truncate events, giving you higher visibility into API actions for a more comprehensive security analysis.
To get started, enable event enrichment and expanded event size on your CloudTrail Lake event data stores through the AWS Management Console or AWS APIs. These features are available in AWS commercial regions where CloudTrail Lake is available. To learn more, see the CloudTrail documentation.