A CloudTrail rule will alert you to activity in your linked AWS CloudTrail Service.
To create a CloudTrail Rule:
1. Select CloudTrail Rule from the table list.
2. Choose the severity of the alert (Black).
3. Define a Rule Name (Red).
4. Define an Alert Title (Orange).
5. Define an Alert Description (Yellow), which can be as simple as mirroring the title, or adding more detail.
6. Choose whether you want to Aggregate Files (Green). More on Aggregates here
7. Choose whether you want to group alerts by threshold (Blue). More on Threshold here
8. Click Next: Filter.
The rule will be created and you will be brought into the rule.
A filter is the heart of the rule where you define the logic for when the alert should fire.