...
AWS cloud trail log activity
Each widget details a specific log type to be reported on, such as
Cloud Trail Log Activity -
Event by name
SRC ADDR the source address of the activity either FQDN or IP as provided in the event
User Name - the user that triggered the event
User type - the user role and type
User agent -
Lambda Cold Start Events by Username -
Customer Allocated IP Address Reports -
Events using Stolen Lambda Credentials -
Some examples of the dashboards for this area is below.
AWS Flow logs
The specific log types in the widgets are for VPC flow activity
Logs Activity -
logs by system -
logs Action -
Logs DestAddr -
Logs Dest Port
Logs Protocol -
Logs SrcAddr -
Logs Src Port -
Some examples of the dashboard items are below
AWS WAF logs
The specific log types in the widgets are for WAF activity.
Log Activity over time -
Log Activity by System -
Log Activity Client IP
Log HTTP Source -
Log HTTP Method -
Log Action -
Log Network Port -
Log Country of origin -
Some example of the dashboard items are below.