Earlier, I mentioned that Amazon Macie can identify and spot any irregular or suspicious activity sitting outside of what Macie would consider normal boundaries of operations, potentially identifying a new security threat using AWS CloudTrail logs. Using historical data to review access patterns, Amazon Macie uses AI/machine learning to identify potential security weaknesses and threats from different users, applications, and service accounts.
As you can see, Amazon Macie offers two features to identify threats – AWS CloudTrail events and AWS CloudTrail errors:
Let's go over these features one by one.