Ensure CloudTrail log file validation is enabled

Logging and monitoring

Ensure CloudTrail log file validation is enabled

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS CIS
AWS Foundational Security Best Practices Controls
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CSA CCM
GDPR
HITRUST
ISO 27701
ISO/IEC 27001
Mitre ATT&CK v12
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices

Description

CloudTrail log file validation creates a digitally signed digest file containing a hash of each log that CloudTrail writes to S3. These digest files can be used to determine whether a log file was changed, deleted, or unchanged after CloudTrail delivered the log. It is recommended that file validation be enabled on all CloudTrails.

Recommended Mitigation

Turn on log file verification for {AwsCloudTrail}

Ensure CloudTrail log file validation is enabled

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS