Suspicious activity

CloudTrail trail logging was stopped

Risk Level

Informational (4)



Orca detected that an API call to 'StopLogging' CloudTrail events was made, the operation was successful. Aws CloudTrail service consists of a set of trails, each defines a different logging configuration. By calling the 'StopLogging' API, logging in a specific trail will be disabled and therefore tracking and monitoring will be low.
  • Recommended Mitigation

    It is recommended to review the permissions which were used to make this API call. In case the trail is active, enable logging and investigate the principal that issued this API call to determine if this is a legit activity.