AWS-CloudTrail-CloudTrail-File-Validation
- naveen
Severity: High
Description: This policy identifies AWS CloudTrails in which log validation is not enabled in all regions. CloudTrail log file validation creates a digitally signed digest file containing a hash of each log that CloudTrail writes to S3. These digest files can be used to determine whether a log file was modified after CloudTrail delivered the log. It is recommended that file validation be enabled on all CloudTrails.
Remediation Steps:
Perform following to enable cloud-trail log validation:
Login to the AWS Management Console at https://console.aws.amazon.com/cloudtrail/ .
In the console, select the specific region from region drop down on the top right corner, for which the alert is generated.
Click on Trails and each trail reported, click on trail. Edit the General Details and under Additional settings select Enable for Log file validation.
Reference:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-update-a-trail-console.html
Â
Blue Hexagon Proprietary