AWS CloudTrail
Log AWS API activity as changes via EventBridge to correlate infrastructure changes with incidents.
Quick Setup
Copy Webhook URL
Go to your Alert24 dashboard and copy the webhook URL for AWS CloudTrail.
Configure AWS CloudTrail
Add the webhook URL in your AWS CloudTrail settings.
Auto-Detected
Alert24 auto-detects AWS CloudTrail payloads and maps them to incidents.
Step-by-Step Setup Instructions
AWS CloudTrail Webhook Setup
- Source: aws.cloudtrail or specific service sources
- Filter by detail.eventSource and detail.eventName as needed
Example Webhook Payload
This is a sample payload that AWS CloudTrail sends to Alert24 when an alert fires.
{
  "version": "0",
  "source": "aws.cloudtrail",
  "detail-type": "AWS API Call via CloudTrail",
  "detail": {
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateUser",
    "userIdentity": {
      "type": "IAMUser",
      "userName": "admin"
    },
    "awsRegion": "us-east-1",
    "sourceIPAddress": "203.0.113.50",
    "requestParameters": {
      "userName": "new-user"
    },
    "responseElements": null
  }
}
How Alert24 Maps AWS CloudTrail Data
- Status Field: detail.errorCode
- Message Field: detail.eventName
- Auto-Create Incidents: Yes
- Auto-Resolve Incidents: No
Status Mapping
| Alert24 Status | AWS CloudTrail Values |
|---|---|
| operational | |
| down | UnauthorizedAccess, AccessDenied, Client.UnauthorizedAccess |
Track AWS Infrastructure Changes
Track changes for incident correlation and AI root cause analysis
1. Create an EventBridge rule matching CloudTrail API events
2. Create an API destination with your Alert24 Changes Webhook URL
3. Add the API destination as the rule target
Alert24 auto-detects CloudTrail event payloads and extracts the AWS service, operation, user, and region.
Changes are logged per service. Copy the Changes Webhook URL from your service page in Alert24. When an incident occurs, recent changes are surfaced automatically with AI-powered root cause analysis.
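An added example (not Alert24's or AWS's own code) for the rule-creation step above: a constructed EventBridge event pattern that filters on detail.eventSource and detail.eventName, checked locally against this page's sample payload, together with the documented detail.errorCode status mapping. The event names in the pattern, the `matches` and `summarize` helpers, and the handling of error codes the table does not list are assumptions.

```python
import json

# Constructed event pattern (assumption, not from the page): IAM user changes only.
EVENT_PATTERN = {
    "source": ["aws.cloudtrail"], "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["iam.amazonaws.com"],
               "eventName": ["CreateUser", "DeleteUser", "AttachUserPolicy"]},
}
# errorCode values the page's status-mapping table lists under "down".
DOWN_ERROR_CODES = {"UnauthorizedAccess", "AccessDenied", "Client.UnauthorizedAccess"}
# The page's sample payload (trimmed), then a constructed denied call.
SAMPLE = {
    "source": "aws.cloudtrail", "detail-type": "AWS API Call via CloudTrail",
    "detail": {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
               "userIdentity": {"type": "IAMUser", "userName": "admin"},
               "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.50"},
}
DENIED = {**SAMPLE, "detail": {**SAMPLE["detail"], "eventName": "DeleteUser",
                               "errorCode": "AccessDenied"}}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching (literal lists, nested objects)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif event[key] not in expected:
            return False
    return True

def summarize(event):
    """Extract service, operation, user and region, plus the mapped status."""
    detail = event["detail"]
    identity = detail.get("userIdentity") or {}
    return {
        "service": detail.get("eventSource"),
        "operation": detail.get("eventName"),
        "user": identity.get("userName") or identity.get("arn"),  # arn fallback: assumption
        "region": detail.get("awsRegion"),
        # Assumption: an errorCode outside the "down" list maps to operational.
        "status": "down" if detail.get("errorCode") in DOWN_ERROR_CODES else "operational",
    }

if __name__ == "__main__":
    print(json.dumps(EVENT_PATTERN, indent=2))  # usable as the rule's event pattern
    for ev in (SAMPLE, DENIED):
        print(matches(EVENT_PATTERN, ev), summarize(ev))
```

Narrowing detail.eventName to the mutating calls you care about keeps read-only API noise out of the change log; the matcher here covers only literal value lists, not EventBridge prefix or numeric operators.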