Logging and monitoring

CloudTrail doesn’t have at least one multi-Region trail without management events exclusions

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. Visibility into your AWS account activity is a key aspect of security and operational best practices. Enabling logging with CloudTrail allows you to identify what actions were performed in your account, by who, and on which assets - enabling quicker discovery and response to anomalous activity or events in your account. We identified That for the CloudAccount there isn't CloudTrail which enabled logging in all regions, Management Events without exclusions and logging all kinds of events (read and write).

  • Recommended Mitigation

    It is recommended to enable logging in all regions, for all Management Events, and all access levels (read and write) in at least one CloudTrail trail. More details can be found in <a href="https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-cloudtrail-1" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-cloudtrail-1</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.