Logging and monitoring

Ensure CloudTrail log file validation is enabled

Description

CloudTrail log file validation creates a digitally signed digest file containing a hash of each log that CloudTrail writes to S3. These digest files can be used to determine whether a log file was changed, deleted, or unchanged after CloudTrail delivered the log. It is recommended that file validation be enabled on all CloudTrails.
  • Recommended Mitigation

    Turn on log file verification for {AwsCloudTrail}