The Amazon Cloud trail logs come in on UTC time format as many cloud providers use. So any activity needs to factor in the time difference for your timezone.
AWS cloud trail log activity
Each widget details a specific log type to be reported on, such as
Cloud Trail Log Activity -This provides a summary of the event log rates over time for today.
Event by name - The event name is if the event name from Cloud Trail relating to the activity in the log type.
SRC ADDR - the source address of the activity either FQDN or IP as provided in the event
User Name - the user that triggered the event
User type - the users role and type
User agent - the application that was related to creating the event
Lambda Cold Start Events by Username -The request was made by Lambda and by the logged userid.
Customer Allocated IP Address Reports - This shows the logs from the allocated IP address on the requests.
Events using Stolen Lambda Credentials - This shows the potential stolen Lambda credentials being reused for other session.
Some examples of the dashboards for this area is below.
