Quick Info
| Plugin Title | CloudTrail File Validation |
| Cloud | AWS |
| Category | CloudTrail |
| Description | Ensures CloudTrail file validation is enabled for all regions within an account |
| More Info | CloudTrail file validation is essentially a hash of the file which can be used to ensure its integrity in the case of an account compromise. |
| AWS Link | http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-enabling.html |
| Recommended Action | Enable CloudTrail file validation for all regions |
Detailed Remediation Steps
- Log into the AWS Management Console.
- Select the “Services” option and search for “CloudTrail”.
- In the “Dashboard” panel click on “View trails” button.
- Select the “trail” that needs to be verified under “Name” column.
- Scroll down and under the “Storage location” option check for “Enable log file validation”. If its status is “No” the selected trail does not support file validation.
- Click on the pencil icon to get into “Storage location” configuration settings. Scroll down and click on “Yes” next to “Enable log file validation” to enable the “CloudTrail” file validation to determine whether a log file was modified, deleted or unchanged after “CloudTrail” delivered it.
- Scroll down and click on “Save” to enable the CloudTrail log encryption.
