CloudTrail log file validation is not enabled
- GG_ID: GG_IAC_0028
- Severity: HIGH
- Complexity: LOW
- Categories: PERMISSION
- Providers: AWS
- Potential data exposure: False
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description

CloudTrail logs record every action taken by a user, role or AWS service in the account as events. Log file integrity validation should be enabled to prevent an attacker from tampering with the logs after CloudTrail has delivered them to the S3 bucket. With validation enabled, CloudTrail delivers signed digest files alongside the log files, which makes it possible to verify that the log files were not modified, deleted or forged after delivery.
# Impact

An attacker could tamper with the CloudTrail logs and remove traces of their activity without detection, undermining any investigation that relies on those logs.
# Remediation guidelines

Enable log file integrity validation on every CloudTrail trail.
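The following Terraform snippet is an added illustration (not part of this policy page or of any particular project) showing a trail that triggers this finding next to the remediated form; the trail and bucket names are placeholders.

```hcl
# Non-compliant: enable_log_file_validation defaults to false, so CloudTrail
# delivers no signed digest files and tampering with delivered logs is undetectable.
resource "aws_cloudtrail" "example_insecure" {
  name           = "example-trail-insecure"   # placeholder name
  s3_bucket_name = "example-cloudtrail-bucket" # placeholder bucket
}

# Compliant: explicitly enable log file integrity validation so that CloudTrail
# writes a signed digest file for each delivery period, allowing later verification
# that the log files were not modified or deleted after delivery.
resource "aws_cloudtrail" "example_secure" {
  name                          = "example-trail-secure"    # placeholder name
  s3_bucket_name                = "example-cloudtrail-bucket" # placeholder bucket
  enable_log_file_validation    = true
  is_multi_region_trail         = true  # record events from every region
  include_global_service_events = true  # include IAM, STS and other global services
}
```

Once validation is on, the delivered log files can be checked against the digests with `aws cloudtrail validate-logs --trail-arn <trail-arn> --start-time <timestamp>`, which reports any file that is missing or whose hash no longer matches.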