AWS-CloudTrail-CloudTrail-File-Validation

Severity: High

Description: This policy identifies AWS CloudTrail trails for which log file validation is not enabled. When log file validation is enabled, CloudTrail delivers, alongside the log files, a digitally signed digest file that contains a SHA-256 hash of each log file CloudTrail wrote to S3 during the previous hour. The digest files can be used to determine whether a log file was modified or deleted after CloudTrail delivered it, which is what makes the trail usable as forensic evidence. Validation only covers log files delivered after the setting is turned on, so it is recommended that log file validation be enabled on every trail, in every region, and not only after an incident.

Remediation Steps:

Perform the following to enable CloudTrail log file validation:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/cloudtrail/ .

  2. In the region selector at the top right of the console, choose the region for which the alert was generated.

  3. Click Trails, then click the name of each trail that was reported. Under General details click Edit, and under Additional settings set Log file validation to Enabled. Save the changes.
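The same check and remediation, done programmatically instead of through the console, as an added example that is not part of this policy page or of the Blue Hexagon policy engine. It runs over a constructed DescribeTrails response (the field names `trailList`, `TrailARN`, `HomeRegion`, `IsMultiRegionTrail` and `LogFileValidationEnabled` are the real CloudTrail API fields; the account ID and trail names are made up). Because DescribeTrails returns a multi-region trail as a shadow copy in every region, the check deduplicates by trail ARN and reports each trail once against its home region, which is also the only region where `update-trail` is accepted for it.

```python
"""Find CloudTrail trails without log file validation and emit the fix.

Added example, not Blue Hexagon's policy code. Runs offline on a constructed
DescribeTrails sample; the live path (collect_live) needs boto3 and credentials.
"""
from __future__ import annotations

from typing import Any

ACCOUNT = "123456789012"  # constructed account ID

# Constructed sample: DescribeTrails as seen from two regions. "audit-trail" is
# a multi-region trail homed in us-west-2, so us-east-1 sees it as a shadow
# trail with the same ARN. "legacy-trail" is a single-region trail in us-east-1.
SAMPLE_RESPONSES: dict[str, dict[str, Any]] = {
    "us-east-1": {
        "trailList": [
            {
                "Name": "audit-trail",
                "TrailARN": f"arn:aws:cloudtrail:us-west-2:{ACCOUNT}:trail/audit-trail",
                "HomeRegion": "us-west-2",
                "IsMultiRegionTrail": True,
                "LogFileValidationEnabled": False,
            },
            {
                "Name": "legacy-trail",
                "TrailARN": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/legacy-trail",
                "HomeRegion": "us-east-1",
                "IsMultiRegionTrail": False,
                "LogFileValidationEnabled": False,
            },
            {
                "Name": "compliant-trail",
                "TrailARN": f"arn:aws:cloudtrail:us-east-1:{ACCOUNT}:trail/compliant-trail",
                "HomeRegion": "us-east-1",
                "IsMultiRegionTrail": False,
                "LogFileValidationEnabled": True,
            },
        ]
    },
    "us-west-2": {
        "trailList": [
            {
                "Name": "audit-trail",
                "TrailARN": f"arn:aws:cloudtrail:us-west-2:{ACCOUNT}:trail/audit-trail",
                "HomeRegion": "us-west-2",
                "IsMultiRegionTrail": True,
                "LogFileValidationEnabled": False,
            },
        ]
    },
}


def find_noncompliant(responses_by_region: dict[str, dict[str, Any]]) -> list[dict[str, Any]]:
    """Return one finding per trail (deduplicated by ARN) that lacks validation.

    A missing LogFileValidationEnabled key is treated as disabled: failing closed
    is the right default for a control whose absence is the finding.
    """
    seen: set[str] = set()
    findings: list[dict[str, Any]] = []
    for region in sorted(responses_by_region):
        for trail in responses_by_region[region].get("trailList", []):
            arn = trail["TrailARN"]
            if arn in seen:
                continue  # shadow copy of a multi-region trail already evaluated
            seen.add(arn)
            if not trail.get("LogFileValidationEnabled", False):
                findings.append({
                    "name": trail["Name"],
                    "arn": arn,
                    "home_region": trail["HomeRegion"],
                    "multi_region": bool(trail.get("IsMultiRegionTrail", False)),
                })
    return findings


def remediation_commands(findings: list[dict[str, Any]]) -> list[str]:
    """AWS CLI commands that enable validation; each targets the trail's home region."""
    return [
        f"aws cloudtrail update-trail --region {f['home_region']} "
        f"--name {f['arn']} --enable-log-file-validation"
        for f in findings
    ]


def collect_live(regions: list[str]) -> dict[str, dict[str, Any]]:
    """Live equivalent of SAMPLE_RESPONSES; needs boto3 and cloudtrail:DescribeTrails."""
    import boto3  # imported here so the offline path has no dependency

    return {r: boto3.client("cloudtrail", region_name=r).describe_trails() for r in regions}


if __name__ == "__main__":
    for cmd in remediation_commands(find_noncompliant(SAMPLE_RESPONSES)):
        print(cmd)
```

Run the printed `update-trail` commands in the trail's home region; calling them elsewhere fails with InvalidHomeRegionException. Enabling validation does not retroactively protect earlier log files, and the digest files only help if the S3 bucket also prevents an attacker from deleting or rewriting them. Once validation has been on for a while, `aws cloudtrail validate-logs --trail-arn <arn> --start-time <time>` checks the delivered log files against their digests.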

Blue Hexagon Proprietary