Aqua CSPM

CloudTrail File Validation

Quick Info

Plugin Title: CloudTrail File Validation
Cloud: AWS
Category: CloudTrail
Description: Ensures CloudTrail file validation is enabled for all regions within an account
More Info: CloudTrail file validation records a hash of each delivered log file, which can be used to verify the file's integrity, for example after an account compromise.
AWS Link: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-enabling.html
Recommended Action: Enable CloudTrail file validation for all regions

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for “CloudTrail”.
  3. In the “Dashboard” panel click on “View trails” button.
  4. Select the “trail” that needs to be verified under “Name” column.
  5. Scroll down and, under the “Storage location” option, check the value of “Enable log file validation”. If its status is “No”, the selected trail does not have file validation enabled.
  6. Click on the pencil icon to open the “Storage location” configuration settings. Scroll down and select “Yes” next to “Enable log file validation”. With file validation enabled, CloudTrail lets you determine whether a log file was modified, deleted or unchanged after CloudTrail delivered it.
  7. Scroll down and click on “Save” to enable CloudTrail log file validation for the trail.
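The console steps above cover one trail at a time. The following Python is an added example, not Aqua's plugin code, that performs the same check programmatically: it evaluates the trailList structure returned by the CloudTrail DescribeTrails API and flags trails whose LogFileValidationEnabled flag is false or absent, and it shows the UpdateTrail call that remediates a failing trail. The audit_region and enable_validation helpers accept any object exposing describe_trails/update_trail (such as a boto3 "cloudtrail" client); the trail list below is constructed sample data, not from a real account.

```python
"""Audit and remediate CloudTrail log file validation (added example).

The pure functions work on the ``trailList`` shape returned by the
CloudTrail DescribeTrails API, so they run offline on constructed data.
``audit_region``/``enable_validation`` take any object exposing
``describe_trails``/``update_trail`` (for example a boto3 cloudtrail client).
"""


def trails_without_validation(trail_list):
    """Return (name, ARN) for trails that lack log file validation.

    A missing ``LogFileValidationEnabled`` key is treated as disabled,
    which is the conservative choice for a compliance check.
    """
    failing = []
    for trail in trail_list:
        if not trail.get("LogFileValidationEnabled", False):
            failing.append((trail.get("Name"), trail.get("TrailARN")))
    return failing


def evaluate(trail_list):
    """Classify each trail as PASS or FAIL with a human-readable message."""
    results = []
    for trail in trail_list:
        enabled = bool(trail.get("LogFileValidationEnabled", False))
        # A multi-region trail satisfies the "all regions" requirement on its own;
        # a single-region trail only covers its home region.
        scope = ("all regions" if trail.get("IsMultiRegionTrail")
                 else trail.get("HomeRegion", "unknown region"))
        results.append({
            "trail": trail.get("Name"),
            "status": "PASS" if enabled else "FAIL",
            "message": (f"Log file validation {'is' if enabled else 'is not'} "
                        f"enabled for trail covering {scope}"),
        })
    return results


def audit_region(client):
    """Run the check through a CloudTrail client (real boto3 or a test double).

    includeShadowTrails=False limits the response to trails homed in the
    client's region, so each trail is evaluated once when looping over regions.
    """
    response = client.describe_trails(includeShadowTrails=False)
    return evaluate(response.get("trailList", []))


def enable_validation(client, trail_name):
    """Remediation: turn on log file validation for one trail via UpdateTrail."""
    return client.update_trail(Name=trail_name, EnableLogFileValidation=True)


# Constructed sample DescribeTrails response (account id is the AWS docs placeholder).
SAMPLE_TRAIL_LIST = [
    {"Name": "org-trail",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/org-trail",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "LogFileValidationEnabled": True},
    {"Name": "legacy-trail",
     "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/legacy-trail",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "LogFileValidationEnabled": False},
    {"Name": "old-trail",  # flag absent entirely: treated as disabled
     "TrailARN": "arn:aws:cloudtrail:us-west-2:123456789012:trail/old-trail",
     "HomeRegion": "us-west-2", "IsMultiRegionTrail": False},
]

if __name__ == "__main__":
    for result in evaluate(SAMPLE_TRAIL_LIST):
        print(f"{result['status']}: {result['trail']} - {result['message']}")
    print("Needs remediation:", trails_without_validation(SAMPLE_TRAIL_LIST))
```

Against a live account, pass a boto3 client per region (boto3.client("cloudtrail", region_name=...)) to audit_region and feed each failing name to enable_validation. Enabling validation only protects files delivered from that point on; the integrity of already delivered files can be checked afterwards with the "aws cloudtrail validate-logs" CLI command, which verifies the digest files CloudTrail writes alongside the logs.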