# Appendix 4 – AWS Log Ingestion Cost Estimates

You will incur some costs outside of Vectra's pricing as part of this solution, these costs should be quite small.

For a medium sized organization who have Management & Data events enabled, we estimate around 300GB of CloudTrail logs per month will be generated. The total costs for this much log data should be \~$22.80 per month.

## AWS CloudTrail Management Events

AWS CloudTrail records management that happen on your system, and Vectra uses these events to detect malicious activity.

CloudTrail is free for your first copy of management events, and is $2.00 per 100,000 extra copies of management events.

For a medium sized organization, generating around 300GB of CloudTrail logs per month, the total cost would be $12.

## S3 Bucket Storage

CloudTrail logs events to an S3 Bucket, and you will need to pay for storage and API requests.

CloudTrail will make an API call to S3 every 5 minutes, 8760 per month. Vectra will also make GET requests at a similar speed. This will cost $0.10 per S3 CloudTrail log.

S3 Storage itself costs $0.0023 per GB per month.

For a medium sized organization, generating around 300GB of CloudTrail logs per month, the total cost would be $1.80.

## SNS Topic

Vectra will use an SNS Topic on your Account to notify us when new CloudTrail events have been generated.

A new notification should be published every 5 minutes (8760 per month), and you are allowed 1 million free requests per month, and costs $0.50 per million notifications after that.

For a medium sized organization, which is generating around 300GB of CloudTrail logs per month, the total cost would be $3.00.

## S3 Data Event Cost

For S3 Data Events, the volume is not easily predictable by Vectra and will vary by organization and usage patterns. Customers will pay $0.10 per 100,000 events. Vectra would not recommend logging be enabled for publicly accessible or high usage S3 buckets unless the use case dictates the level of analysis that Vectra provides.

## Managing storage of CloudTrail Data Events

By default, all log files in a S3 bucket will be stored indefinitely. Vectra does not require the data events to be stored after ingestion by Vectra for analysis. It is a best practice for organizations to retain CloudTrail logs per their IT policies. Log ingestion by Vectra is quick process. 7 day retention in AWS is more than adequate for Vectra’s use, but your organization’s polices may require longer retention.

For long term retention and cost-effective storage, the organization can leverage S3 Object Lifecycle Management. [Guidance can be found here](https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html).

## Transfer Costs to the Vectra Cloud

The way the system is architected, there are no costs for the customer to transfer this data.