🔷

CloudTrail Insights

Detects unusual operational activity in an AWS account by analyzing management events.

Examples of Detected Anomalies

Sudden spikes in resource provisioning.

Attempts that hit AWS service limits.

Bursts of IAM-related actions.

Missing or delayed recurring maintenance actions.

How It Works

Builds a baseline of normal API write activity over time.

Continuously compares new write events against the baseline.

Flags deviations as anomalies.

When an Anomaly Occurs

An Insights event is displayed in the CloudTrail console.

Event details are delivered to Amazon S3.

An Amazon EventBridge event is generated for automation or alerting.