CloudTrail trail file integrity validation is not enabled

cloudtrail

Classification:

compliance

Set up the cloudtrail integration.

Overview

Description

Ensure that every AWS CloudTrail trail has log file integrity validation enabled.

Rationale

AWS CloudTrail log file integrity validation lets you determine whether a log file was modified, deleted, or left unchanged after CloudTrail delivered it to the S3 bucket. Once enabled, CloudTrail delivers an hourly digest file next to the logs; the digest lists the SHA-256 hash of each log file delivered in that hour and is signed with a CloudTrail private key, so aws cloudtrail validate-logs can check both the log files and the digest chain. Validation only covers files delivered after it was enabled, and it detects tampering rather than preventing it: restricting who can write to the bucket and who can call UpdateTrail or StopLogging remains necessary.

Remediation

Console

Follow the Enabling Log File Integrity Validation for CloudTrail docs to enable validation.

CLI

  1. Run aws cloudtrail describe-trails and note every trail whose LogFileValidationEnabled field is false. Run it in each trail's home region (the HomeRegion field); the shadow copy of a multi-region trail cannot be updated from another region.

  2. Run update-trail with --enable-log-file-validation for each trail found above, then re-run describe-trails to confirm LogFileValidationEnabled is now true.

    update-trail.sh

        aws cloudtrail update-trail \
            --name GlobalTrailName \
            --enable-log-file-validation
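The two CLI steps above, carried out as one script: list the trails, pick out those without validation, enable it, and confirm the result. This is an added example, not Datadog's or AWS's code. It uses the real botocore operations describe_trails and update_trail (with their real parameter names) through any object that exposes them; the FakeCloudTrail class and SAMPLE_TRAILS are constructed stand-ins so the logic can be exercised offline, and the trail names and account ID in them are made up.

```python
"""Enable CloudTrail log file integrity validation on every non-compliant trail.

Added example, not part of the original page. Works against a boto3
cloudtrail client or the constructed FakeCloudTrail below.
"""
from __future__ import annotations

from typing import Any


def trails_missing_validation(response: dict[str, Any], region: str | None = None) -> list[str]:
    """Return the ARNs of trails whose LogFileValidationEnabled is not true.

    When a region is given, shadow trails (copies of multi-region trails whose
    HomeRegion is elsewhere) are skipped: UpdateTrail must be called from the
    home region, so they are remediated from there instead.
    """
    missing: list[str] = []
    for trail in response.get("trailList", []):
        if region and trail.get("HomeRegion") not in (None, region):
            continue
        if not trail.get("LogFileValidationEnabled", False):
            missing.append(trail["TrailARN"])
    return missing


def enable_validation(client: Any, region: str | None = None) -> list[str]:
    """Enable validation on each non-compliant trail; return the ARNs that now report it enabled."""
    response = client.describe_trails(includeShadowTrails=True)
    fixed: list[str] = []
    for arn in trails_missing_validation(response, region):
        # update_trail accepts the ARN as Name and echoes the new trail settings back.
        updated = client.update_trail(Name=arn, EnableLogFileValidation=True)
        if updated.get("LogFileValidationEnabled"):
            fixed.append(arn)
    return fixed


# Constructed describe-trails output (fictional account ID and trail names).
SAMPLE_TRAILS = [
    {"Name": "GlobalTrailName",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/GlobalTrailName",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True, "LogFileValidationEnabled": False},
    {"Name": "audit-trail",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/audit-trail",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": False, "LogFileValidationEnabled": True},
    {"Name": "eu-trail",  # shadow of a trail whose home region is eu-west-1
     "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/eu-trail",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": True, "LogFileValidationEnabled": False},
]


class FakeCloudTrail:
    """In-memory stand-in for boto3.client("cloudtrail"), constructed for this example."""

    def __init__(self, trails: list[dict[str, Any]]) -> None:
        self.trails = {t["TrailARN"]: dict(t) for t in trails}
        self.calls: list[tuple[str, str]] = []

    def describe_trails(self, **kwargs: Any) -> dict[str, Any]:
        return {"trailList": [dict(t) for t in self.trails.values()]}

    def update_trail(self, Name: str, **kwargs: Any) -> dict[str, Any]:
        trail = self.trails[Name]
        if kwargs.get("EnableLogFileValidation"):
            trail["LogFileValidationEnabled"] = True
        self.calls.append(("update_trail", Name))
        return dict(trail)


if __name__ == "__main__":
    import boto3  # only needed when run against a real account

    session = boto3.session.Session()
    client = session.client("cloudtrail")
    for arn in enable_validation(client, region=session.region_name):
        print("enabled log file validation on", arn)
```

Run it once per home region. Digest files only start arriving about an hour after validation is enabled, so a follow-up check with aws cloudtrail validate-logs --trail-arn ARN --start-time TIME should use a start time after that point; earlier log files have no digest and cannot be validated.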