
Build dashboards, automate reports, and ask questions in plain English — all from your CloudTrail data, no complex infrastructure to maintain.
Have multiple CloudTrail accounts? Analytics across multiple CloudTrail accounts →
Want it to watch your CloudTrail data and act on its own? Meet the CloudTrail agent →
AWS CloudTrail management-event data modeled into business objects. The connector reads a single management_events stream (CloudTrail's LookupEvents API), which captures every control-plane API call across AWS — the actor, the action, the source service, and the resources touched — forming the basis for security auditing, change tracking, and operational analytics.
Control-plane API activity recorded by CloudTrail — each event's name, source service, timestamp, read-only flag, and full raw event payload; the core record for audit trails, change tracking, anomaly detection, and API-call volume analysis across AWS.
The identity that performed each event — username and AWS access key ID; enables attribution of API activity to principals, detection of credential misuse, and per-actor activity reporting for security and access governance.
The AWS resources referenced by each event — resource name and resource type; enables tracing which resources are most frequently modified, mapping activity to specific infrastructure components, and impact analysis of changes.
Authenticate CloudTrail in a few clicks. OAuth, API key, or IAM role — we handle secrets and rotation.
We pull every stream into your warehouse. CDC where the API supports it; full + incremental otherwise. Hourly-or-faster, row-level secure.
SQL, dashboards, or ask Fi in plain English. Your CloudTrail data lives next to every other source — ready to join.
We'll set up a live sync and answer your first questions — on the call.
Build your own with the Definite SDK, or request it. Most go live in days.
Join CloudTrail with the rest of your data, then ask Fi questions across all of it.