Wazuh is a host-based intrusion detection service provided by CloudAware through a Kibana user interface. Wazuh is available via CloudAware Launcher.
...
Customers may also choose to deploy a hybrid approach in which some agents use CloudAware-managed IDS servers and other agents use customer-managed IDS servers.
IDS Status
If the Intrusion Detection module is deployed, the 'IDS status' tile on an instance may display one of 3 values:
- Monitored
- Not monitored
- Under Attack
Why Is Scanning Necessary?
- Not all modifications are captured by CloudTrail
- CloudTrail can be turned off by mistake or intentionally
- There is a 15-30 minute delay between a change event and its CloudTrail record
- Not all regions, including gov regions, support the CloudTrail service
...
Flow of Changes
Regardless of how a change is made (via the command line, the Amazon Management Console or some other 3rd-party tool), it ends up in CloudAware. Using the change detection mechanism, change detectors update the respective objects in the CMDB.
Terminated or Deleted Objects
Once objects are deleted from AWS (for example, when an instance is terminated), they remain available for viewing, reporting and filtering in the CloudAware CMDB. By default, objects remain visible in the CMDB for 2 weeks after they have been deleted in AWS; this retention period can be increased.
All objects in the CMDB have a field Deleted From AWS. This field is blank while an object is present and visible in the AWS console. Once the object has been deleted from AWS, the field is populated with a date and time value.
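The flow of changes and the Deleted From AWS field described above can be shown with a small snapshot-based change detector. This is an added illustration, not CloudAware's own change-detector code: it assumes a scanner that returns the current set of objects and their attributes as a dictionary, keeps a toy CMDB in memory, stamps objects that disappear from a scan with a deletion timestamp, and purges them after the default 2-week retention. Object ids and attributes are constructed sample values.

```python
"""Snapshot-based change detector with a 'Deleted From AWS' timestamp and retention purge."""
from datetime import datetime, timedelta, timezone

DEFAULT_RETENTION = timedelta(days=14)  # CMDB keeps deleted objects for 2 weeks by default


def detect_changes(cmdb, snapshot, now):
    """Reconcile the CMDB against one scan of the AWS account.

    cmdb:     dict mapping object id -> {"attrs": {...}, "deleted_from_aws": datetime | None}
    snapshot: dict mapping object id -> attrs as observed by the scanner right now
    Returns the list of (event, object_id) pairs recorded during this pass.
    """
    events = []
    for obj_id, attrs in snapshot.items():
        record = cmdb.get(obj_id)
        if record is None:
            # First time the scanner has seen this object: create it in the CMDB.
            cmdb[obj_id] = {"attrs": dict(attrs), "deleted_from_aws": None}
            events.append(("created", obj_id))
        elif record["attrs"] != attrs:
            # Attributes differ from the stored copy: update the CMDB object.
            record["attrs"] = dict(attrs)
            events.append(("changed", obj_id))
    # Objects the scanner no longer sees get the Deleted From AWS field stamped once.
    for obj_id, record in cmdb.items():
        if obj_id not in snapshot and record["deleted_from_aws"] is None:
            record["deleted_from_aws"] = now
            events.append(("deleted", obj_id))
    return events


def purge_expired(cmdb, now, retention=DEFAULT_RETENTION):
    """Drop deleted objects whose retention period has elapsed; returns the ids removed."""
    expired = [obj_id for obj_id, record in cmdb.items()
               if record["deleted_from_aws"] is not None
               and now - record["deleted_from_aws"] >= retention]
    for obj_id in expired:
        del cmdb[obj_id]
    return expired


def run_demo():
    """Two constructed scans of the same account, taken a day apart (sample data, not real ids)."""
    t0 = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    scan1 = {
        "i-0aaa": {"type": "t3.micro", "state": "running"},
        "i-0bbb": {"type": "m5.large", "state": "running"},
    }
    scan2 = {
        "i-0aaa": {"type": "t3.small", "state": "running"},  # resized since scan1
        "i-0ccc": {"type": "t3.micro", "state": "running"},  # launched since scan1
        # i-0bbb has been terminated and no longer appears in the scan
    }
    cmdb = {}
    detect_changes(cmdb, scan1, t0)
    events = detect_changes(cmdb, scan2, t0 + timedelta(days=1))
    purged_early = purge_expired(cmdb, t0 + timedelta(days=10))  # inside the 2-week window
    purged_late = purge_expired(cmdb, t0 + timedelta(days=16))   # window has elapsed
    return events, purged_early, purged_late


if __name__ == "__main__":
    print(run_demo())
```

Because the detector compares a full scan against the stored state, it records the resize, the new instance and the termination even if no CloudTrail record was ever written for them, which is the case the "Why Is Scanning Necessary?" list makes.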
Working With CloudTrail
CloudTrail is an AWS service that provides a log of all API requests. The logs contain information about the nature of each request, such as:
- Who made the request
- At what time
- From what IP address
- Using which Amazon Library or tool
- Request and Response Parameters
...
- Using interactive CloudTrail main Tab
- From CloudTrail Tab on any CMDB object
- Using Cloudaware Reports
Main Tab
Once in the main tab, CloudTrail data can be searched for a specific object using the search box.
Events can additionally be filtered by type. For example, to see only change, create or delete events performed by a certain user, we can filter as shown below.
Object Tab
While looking at any object in the CMDB, the user can click the Show CloudTrail button to view the relevant CloudTrail events.
Similarly, when looking at an IAM user in the CMDB, we can quickly see that user's recent AWS activity by clicking the CloudTrail tab on the IAM User object.
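The two views above (searching the main tab for a specific object, and filtering to change, create or delete events by a given user) amount to simple filters over CloudTrail records. The following is an added example, not CloudAware code: it works on a few constructed records laid out with the standard CloudTrail field names (eventName, eventTime, sourceIPAddress, userAgent, userIdentity, requestParameters, responseElements, readOnly). The create/change/delete split is a heuristic on the event name prefix and is an assumption of this example, not CloudAware's classification.

```python
"""Filter CloudTrail records by user, by event category and by the object they touch."""
import json

# Constructed sample records; the field names follow the CloudTrail record format.
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "sourceIPAddress": "203.0.113.10",
     "userAgent": "aws-cli/2.15.0", "readOnly": False,
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instanceType": "t3.micro"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0aaa"}]}}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userAgent": "console.ec2.amazonaws.com", "readOnly": True,
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaa"}]}},
     "responseElements": None},
    {"eventTime": "2024-05-01T11:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "ModifyInstanceAttribute", "sourceIPAddress": "198.51.100.7",
     "userAgent": "Boto3/1.34.0", "readOnly": False,
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instanceId": "i-0aaa", "instanceType": {"value": "t3.small"}},
     "responseElements": {"_return": True}},
    {"eventTime": "2024-05-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.9",
     "userAgent": "aws-cli/2.15.0", "readOnly": False,
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0bbb"}]}},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0bbb"}]}}},
]

# Event-name prefixes used by this example's heuristic (an assumption, not an AWS or CloudAware rule).
CREATE_PREFIXES = ("Create", "Run", "Put", "Allocate")
DELETE_PREFIXES = ("Delete", "Terminate", "Release")


def categorize(record):
    """Map a record to read / create / delete / change using readOnly and the eventName prefix."""
    if record.get("readOnly"):
        return "read"
    name = record["eventName"]
    if name.startswith(CREATE_PREFIXES):
        return "create"
    if name.startswith(DELETE_PREFIXES):
        return "delete"
    return "change"


def filter_events(records, user=None, categories=("create", "change", "delete")):
    """Events in the given categories, optionally restricted to one IAM user name."""
    out = []
    for rec in records:
        if user is not None and rec["userIdentity"].get("userName") != user:
            continue
        if categorize(rec) in categories:
            out.append(rec)
    return out


def events_for_object(records, object_id):
    """Records whose request or response parameters mention the object id (the search-box case)."""
    hits = []
    for rec in records:
        blob = json.dumps([rec.get("requestParameters"), rec.get("responseElements")])
        if object_id in blob:
            hits.append(rec)
    return hits


def summarize(record):
    """The who / when / from where / which tool / what fields the page lists, in one row."""
    return {
        "who": record["userIdentity"].get("userName"),
        "when": record["eventTime"],
        "from": record["sourceIPAddress"],
        "tool": record["userAgent"],
        "action": record["eventName"],
        "category": categorize(record),
    }


if __name__ == "__main__":
    for rec in filter_events(SAMPLE_RECORDS, user="alice"):
        print(summarize(rec))
```

The same filter_events call, scheduled once a day over the previous day's records, is the kind of selection a Daily Digest report is built from; events_for_object is what the Show CloudTrail button on a CMDB object needs.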
Reports
Another powerful way to use CloudTrail events is via CloudAware Reports. CloudAware comes with a report builder in which we can zoom in on the specific CloudTrail events that meet our criteria. Reports can be scheduled, emailed and converted to dashboards. Here is an example of a Daily Digest Report that summarizes all important changes throughout the day.
More information about building reports in Salesforce is available here and here.