> For the complete documentation index, see [llms.txt](https://oklencodes.gitbook.io/untitled/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oklencodes.gitbook.io/untitled/cloud/aws/using-different-aws-services-with-splunk/cloudtrail/features-of-cloudtrail.md).

# Features of CloudTrail

As with many AWS services, CloudTrail is designed with a range of features to boost security and make the management of your AWS estate easier.

Here are the core features of CloudTrail:

* Log file encryption — CloudTrail offers the option to encrypt logs with your AWS Key Management Service (KMS) key, meaning the sensitive information can only be accessed by intended parties.
* Log file integrity validation — this feature detects modifications or deletions of log files stored in S3 buckets to help improve non-repudiation.
* Insights — this feature alerts users to spikes in traffic (e.g., by the number of API calls) or services hitting rate limits, allowing for corrective actions to be taken to improve resource provisioning.
* Data events and management events — these provide information about actions taken within the API or management console of your AWS platform. This helps with compliance, security monitoring, and troubleshooting. Information includes AWS account, IAM role, IP address, and more.
* Integrations — CloudTrail can be integrated with other AWS services such as Lambda or CloudWatch to automate the processing of logs and responses to alerts of suspicious or unwanted activity, removing the burden from your IT team and speeding up incident response.

<figure><img src="/files/UlZXLXmgyzFI2n2elnwL" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://oklencodes.gitbook.io/untitled/cloud/aws/using-different-aws-services-with-splunk/cloudtrail/features-of-cloudtrail.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.