AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
1 Data Sources
3 Templates
Management
3 Templates
🗑️ CloudTrail Delete Trail Event
Management API call to delete a CloudTrail trail
Records when an AWS CloudTrail trail is deleted via the DeleteTrail API operation. This is a critical management event that should be monitored for compliance and security purposes.
Frequency: Low
Tags: JSON, aws, cloudtrail, management, delete, audit, compliance
Compliance: SOC 2, PCI DSS, HIPAA, SOX, FedRAMP
Security: High
When Generated:
- When a user or service deletes a CloudTrail trail via AWS Console
- When DeleteTrail API is called programmatically
- During automated cleanup processes
- When trails are removed due to cost optimization
Frequency Notes: Low frequency event - trail deletions are typically infrequent administrative actions
📸 EC2 Create Snapshot
EBS volume snapshot creation event
Records when AWS EC2 EBS volume snapshots are created via the CreateSnapshot API. Snapshots are point-in-time copies of EBS volumes used for backup, disaster recovery, and data migration.
Frequency: High
Tags: JSON, aws, ec2, ebs, snapshot, backup, data-protection
Compliance: SOC 2, PCI DSS, HIPAA, GDPR, SOX, ISO 27001
Security: Medium
When Generated:
- During automated backup processes (typically nights/weekends)
- Before major system updates or deployments
- For disaster recovery preparation
- When migrating data between regions or accounts
- During security testing (red team activities)
- For development environment provisioning
- Before risky maintenance operations
Frequency Notes: High frequency - automated backup systems create many snapshots, especially during off-hours
🗑️ IAM Delete Policy Event
Management API call to delete an IAM policy
Records when an AWS IAM policy is deleted via the DeletePolicy API operation. This is a critical security event as it permanently removes permission definitions that may be attached to users, groups, or roles.
Frequency: Low
Tags: JSON, aws, iam, policy, delete, security, permissions
Compliance: SOC 2, PCI DSS, HIPAA, SOX, ISO 27001, NIST
Security: Critical
When Generated:
- When an administrator deletes an IAM policy via AWS Console
- When DeletePolicy API is called programmatically (CLI, SDK, Terraform)
- During automated policy cleanup processes
- When cleaning up test or temporary policies
- During security incident response (removing compromised policies)
Frequency Notes: Low frequency event - policy deletions are infrequent but critical administrative actions