Parsing CloudTrail logs to check CMK activities
The CMK access can be viewed in the CloudTrail in a customer's AWS account by tracking the Clumio KMS activities with the following usernames:
- 'KMS-backup' - Used during the Backup operations
- 'KMS-post-processing' - Used during the Post-processing work (FLI) operations
- 'KMS-restore' -Used during the Restore operations
Any operations performed on the Clumio CMK apart from the above usernames should be reported and analyzed thoroughly by your security team.
Please reach out to support@clumio.com with any questions.
Comments
0 comments
Please sign in to leave a comment.