
# Amazon CloudTrail

AWS CloudTrail enables auditing, security monitoring and operational troubleshooting by tracking user activity and API usage. CloudTrail logs, continuously monitors and retains account activity related to actions across your entire AWS infrastructure, which gives you control over storage, analysis and remediation actions.

This service tracks and monitors the AWS API calls made within the environment. Every API call (event) is logged. Each logged event contains:

* The name of the API called: `eventName`
* The service called: `eventSource`
* The time: `eventTime`
* The IP address: `sourceIPAddress`
* The agent used to make the request: `userAgent`. Examples:
  * `signin.amazonaws.com` - From the AWS Management Console
  * `console.amazonaws.com` - Account root user
  * `lambda.amazonaws.com` - AWS Lambda
* The request parameters: `requestParameters`
* The response elements: `responseElements`

```json
{
    "eventVersion": "1.05",
    "userIdentity": {
        "type": "IAMUser",
        "principalId": "EXAMPA1234B56789C123",
        "arn": "arn:aws:iam::123456789012:user/developer",
        "accountId": "123456789012",
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "userName": "developer"
    },
    "eventTime": "2022-10-21T15:00:00Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "StartInstances",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "203.0.113.42",
    "userAgent": "aws-cli/1.16.310 Python/3.6.0 Windows/10 botocore/1.13.50",
    "requestParameters": {
        "instancesSet": {
            "items": [
                {
                    "instanceId": "i-1234567890abcdef0"
                }
            ]
        }
    },
    "responseElements": {
        "startingInstances": {
            "items": [
                {
                    "instanceId": "i-1234567890abcdef0",
                    "currentState": {
                        "code": 16,
                        "name": "running"
                    },
                    "previousState": {
                        "code": 80,
                        "name": "stopped"
                    }
                }
            ]
        }
    },
    "requestID": "59abcdfe-5b4c-123d-8e7f-example12345",
    "eventID": "1c2b3a4d-5e6f-7g8h-9i0j-exampleklmnop",
    "eventType": "AwsApiCall",
    "recipientAccountId": "123456789012"
}

```
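The fields listed above can be pulled out of raw records for triage. The following is an added example, not part of the original page: the function names, the origin labels and the second sample event are assumptions made for illustration, and the input is either a single event or a log file with a top-level `Records` list.

```python
import json

# userAgent values from the list above, mapped to the origin they indicate.
SERVICE_AGENTS = {
    "signin.amazonaws.com": "AWS Management Console",
    "console.amazonaws.com": "account root user",
    "lambda.amazonaws.com": "AWS Lambda",
}

def classify_agent(user_agent):
    """Map a userAgent string to a coarse origin label (labels are assumptions)."""
    if user_agent in SERVICE_AGENTS:
        return SERVICE_AGENTS[user_agent]
    if user_agent.startswith("aws-cli/"):
        return "AWS CLI"
    return "other"

def summarize(record):
    """Extract who, what, when and from where out of one event record."""
    identity = record.get("userIdentity") or {}
    return {
        "time": record.get("eventTime"),
        "service": record.get("eventSource"),
        "api": record.get("eventName"),
        "ip": record.get("sourceIPAddress"),
        # userAgent and requestParameters may be missing or null in a record.
        "origin": classify_agent(record.get("userAgent") or ""),
        "principal": identity.get("arn") or identity.get("type"),
        "request": record.get("requestParameters"),
    }

def summarize_log(text):
    """Accept one event or a log file holding a top-level "Records" list."""
    doc = json.loads(text)
    records = doc.get("Records", [doc])
    return [summarize(r) for r in records]

# Constructed sample: the event shown above (trimmed) plus one made-up event.
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2022-10-21T15:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StartInstances", "sourceIPAddress": "203.0.113.42",
     "userAgent": "aws-cli/1.16.310 Python/3.6.0 Windows/10 botocore/1.13.50",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/developer"},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-1234567890abcdef0"}]}}},
    {"eventTime": "2022-10-21T15:05:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "DescribeTable", "sourceIPAddress": "lambda.amazonaws.com",
     "userAgent": "lambda.amazonaws.com", "userIdentity": {"type": "AssumedRole"},
     "requestParameters": None},
]})
```

Calling `summarize_log(SAMPLE)` returns one flat dictionary per event, ready to filter or group by principal, IP address or origin.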

Link to the service: <https://aws.amazon.com/es/cloudtrail/>


