  1. Features
    1. Always on
    2. Deliver ongoing events for storage or monitoring
      1. S3
      2. CloudWatch
      3. EventBridge
    3. Multi-region
    4. Multi-account
    5. Log file integrity validation
    6. Log file encryption
    7. CloudTrail Insights
    8. CloudTrail Lake
      1. Event Data Store
      2. Run SQL queries
      3. Hands-on demo video (12 min)
  2. CloudTrail Logs
    1. Query with Amazon Athena
    2. Monitor with CloudWatch Logs
      1. Alarms
      2. Notifications
    3. Partners
      1. Log Management and Analysis
      2. Services
  3. Monitors and records
    1. AWS user activity
    2. AWS API usage
    3. Support for AWS Organizations
  4. CloudTrail event types
    1. Management or control plane events (default)
    2. Data (data plane) events
    3. CloudTrail Insights events
  5. Typical use cases
    1. Audit activity
    2. Identify security incidents
    3. Troubleshoot operational issues
  6. Security best practices
    1. Detective
      1. Create a trail
      2. Apply trails to all AWS Regions
      3. Enable CloudTrail log file integrity
      4. Integrate with Amazon CloudWatch Logs
    2. Preventative
      1. Log to a dedicated and centralized Amazon S3 bucket
      2. Use server-side encryption with AWS KMS managed keys
      3. Add a condition key to the default Amazon SNS topic policy
      4. Implement least privilege access to Amazon S3 buckets where you store log files
      5. Enable MFA Delete on the Amazon S3 bucket where you store log files
      6. Configure object lifecycle management on the Amazon S3 bucket where you store log files
      7. Limit access to the AWSCloudTrail_FullAccess policy
  7. AWS CloudTrail Security Blogs
  8. AWS re:Post questions for AWS CloudTrail
  9. AWS CloudTrail FAQs
  10. Free Cybersecurity Training
  11. AWS CloudTrail Pricing
  12. AWS CloudTrail User Guide