Im trying to show what users logged into AWS with an assigned role and what they accessed/changed.
Is there a specific AWS audit log I need to have ingested?
We have people making changes with no documentation of when they did a change or when they logged in.
Hi @Dallastek1,
Are you already ingesting any AWS logs in Splunk? If you are, could you please share which log types you are collecting or share a sample of the logs, so we can help you build a query?
Also, if you do not have any AWS logs in Splunk, I would suggest you to start collecting AWS CloudTrail logs.