CloudTrail log file validation is not enabled
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | PERMISSION |
Description
CloudTrail records every API call made by a user, role or AWS service in the account as an event and delivers the resulting log files to an S3 bucket. Log file integrity validation should be enabled so that tampering with those files after CloudTrail delivered them can be detected. With validation enabled, CloudTrail delivers an hourly digest file next to the logs: it records the SHA-256 hash of every log file delivered in that hour, references the hash of the previous digest so the digests form a chain, and is signed with the private key of an AWS-managed RSA key pair for the region (SHA-256 with RSA). Running `aws cloudtrail validate-logs` checks the signatures, the chain and the file hashes and reports whether each log file is unchanged, modified or deleted since delivery. Two caveats: validation detects tampering rather than preventing it, so it complements a restrictive bucket policy on the log bucket instead of replacing one, and only log files delivered after the setting was turned on are covered by a digest.
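To make concrete what validation actually checks, here is an added example (not code from the original page or from AWS): a simplified re-implementation of the checks that `validate-logs` performs, following the CloudTrail digest file structure in which `hashValue` is the SHA-256 of the uncompressed log file content and `previousDigestHashValue` chains each digest to the one before it. The RSA signature check against the region's public key is omitted; the log events, object keys and digest contents are constructed for the example and are not real data.

```python
from __future__ import annotations

import gzip
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def stored_object(content: dict) -> bytes:
    """CloudTrail stores log files and digests as gzip-compressed JSON in S3.
    mtime is pinned so the example is deterministic."""
    return gzip.compress(json.dumps(content).encode(), mtime=0)


def make_digest(log_objects: dict, previous_digest: bytes | None) -> bytes:
    """Build a digest object carrying the subset of the real digest fields this
    example checks. hashValue and previousDigestHashValue are SHA-256 hashes of
    the *uncompressed* content, as in CloudTrail's digest file structure."""
    return stored_object({
        "digestSignatureAlgorithm": "SHA256withRSA",
        "previousDigestHashAlgorithm": "SHA-256",
        "previousDigestHashValue": (
            sha256_hex(gzip.decompress(previous_digest)) if previous_digest else None
        ),
        "logFiles": [
            {"s3Object": key, "hashAlgorithm": "SHA-256",
             "hashValue": sha256_hex(gzip.decompress(obj))}
            for key, obj in sorted(log_objects.items())
        ],
    })


def validate(digests: list[bytes], bucket: dict) -> list[str]:
    """Walk the digest chain oldest to newest and return a list of findings.
    An empty list means every chain link and every log file hash checked out.
    The real validator additionally verifies each digest's RSA signature
    against the region's public key (aws cloudtrail list-public-keys)."""
    findings = []
    previous = None
    for i, raw in enumerate(digests):
        digest = json.loads(gzip.decompress(raw))
        expected = sha256_hex(gzip.decompress(previous)) if previous else None
        if digest["previousDigestHashValue"] != expected:
            findings.append(f"digest {i}: chain broken, a previous digest was modified or removed")
        for entry in digest["logFiles"]:
            obj = bucket.get(entry["s3Object"])
            if obj is None:
                findings.append(f"{entry['s3Object']}: log file deleted")
            elif sha256_hex(gzip.decompress(obj)) != entry["hashValue"]:
                findings.append(f"{entry['s3Object']}: log file modified")
        previous = raw
    return findings


def scenarios() -> dict:
    """Constructed bucket with two hours of logs, each covered by a digest,
    then three ways an attacker might try to hide the DeleteTrail call."""
    hour1 = {"logs/hour1.json.gz": stored_object({"Records": [
        {"eventName": "ConsoleLogin",
         "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}}]})}
    hour2 = {"logs/hour2.json.gz": stored_object({"Records": [
        {"eventName": "DeleteTrail",
         "userIdentity": {"arn": "arn:aws:iam::123456789012:user/mallory"}}]})}
    d1 = make_digest(hour1, None)
    d2 = make_digest(hour2, d1)
    bucket = {**hour1, **hour2}

    # Attacker rewrites the hour-2 log file without the DeleteTrail record.
    tampered = dict(bucket)
    tampered["logs/hour2.json.gz"] = stored_object({"Records": []})

    # Attacker deletes the hour-2 log file entirely.
    deleted = {k: v for k, v in bucket.items() if k != "logs/hour2.json.gz"}

    return {
        "clean": validate([d1, d2], bucket),
        "modified": validate([d1, d2], tampered),
        "deleted": validate([d1, d2], deleted),
        # Attacker removes digest 1: digest 2 still names its hash, so the gap shows.
        "digest_removed": validate([d2], bucket),
    }


if __name__ == "__main__":
    for name, findings in scenarios().items():
        print(name, "->", findings or "OK")
```

Because each digest commits to the hash of the previous one and the signature commits to the digest, an attacker who can write to the bucket cannot silently rewrite, drop or reorder log files without either breaking a hash, breaking the chain, or producing a signature they do not hold the key for.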
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
False | False | False | True |
An attacker who has gained write access to the log bucket could alter or delete CloudTrail log files to remove traces of their activity, and without integrity validation nothing proves whether the surviving logs are the ones CloudTrail delivered.
Remediation guidelines
Enable log file integrity validation on every trail in the account: in the console, edit the trail and set Log file validation to Enabled; with the CLI, pass `--enable-log-file-validation` to `aws cloudtrail update-trail` (or `create-trail`); in CloudFormation set `EnableLogFileValidation: true` on the `AWS::CloudTrail::Trail` resource; in Terraform set `enable_log_file_validation = true` on the `aws_cloudtrail` resource. The change must be made in the trail's home region. Once enabled, run `aws cloudtrail validate-logs` on a schedule, and restrict write and delete access to the log bucket, including its `CloudTrail-Digest` prefix, so that the digests are not exposed to the same attacker as the logs they protect.
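The following is an added example, not the page's or AWS's own tooling: it audits every trail visible from one region through boto3's `describe_trails` and, when asked, calls `update_trail` with `EnableLogFileValidation=True` in each trail's home region. The `SAMPLE_TRAILS` list is constructed to resemble `describe_trails` output; the trail names, ARNs, regions and account number in it are placeholders.

```python
from __future__ import annotations


def trails_needing_validation(trails: list[dict]) -> list[dict]:
    """Pick out trails whose LogFileValidationEnabled is false or missing.

    describe_trails returns a multi-region trail once per region as a shadow
    trail sharing the same TrailARN, so deduplicate on the ARN. HomeRegion is
    kept because update_trail must be called in the trail's home region;
    called elsewhere, CloudTrail rejects it with InvalidHomeRegionException.
    """
    seen: set[str] = set()
    findings = []
    for trail in trails:
        arn = trail["TrailARN"]
        if arn in seen:
            continue
        seen.add(arn)
        if not trail.get("LogFileValidationEnabled", False):  # missing key treated as off
            findings.append({
                "Name": trail["Name"],
                "TrailARN": arn,
                "HomeRegion": trail["HomeRegion"],
                "IsOrganizationTrail": trail.get("IsOrganizationTrail", False),
            })
    return findings


def audit_and_remediate(region: str, apply: bool = False) -> list[dict]:
    """Query CloudTrail (needs boto3 and credentials) and, with apply=True,
    switch validation on for each trail found, in that trail's home region.
    An organization trail can only be changed from the management account;
    from a member account the update_trail call fails."""
    import boto3  # imported here so the pure logic above stays testable offline

    trails = boto3.client("cloudtrail", region_name=region).describe_trails(
        includeShadowTrails=True)["trailList"]
    findings = trails_needing_validation(trails)
    if apply:
        for finding in findings:
            boto3.client("cloudtrail", region_name=finding["HomeRegion"]).update_trail(
                Name=finding["TrailARN"], EnableLogFileValidation=True)
    return findings


# Constructed describe_trails output for offline use; not real account data.
SAMPLE_TRAILS = [
    {"Name": "org-trail", "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True, "IsOrganizationTrail": True,
     "LogFileValidationEnabled": False},
    {"Name": "org-trail", "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True, "IsOrganizationTrail": True,
     "LogFileValidationEnabled": False},  # same trail seen as a shadow from another region
    {"Name": "audit", "TrailARN": "arn:aws:cloudtrail:eu-west-1:111111111111:trail/audit",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False, "LogFileValidationEnabled": True},
    {"Name": "legacy", "TrailARN": "arn:aws:cloudtrail:eu-west-1:111111111111:trail/legacy",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False},
]


if __name__ == "__main__":
    for f in trails_needing_validation(SAMPLE_TRAILS):
        print(f"{f['TrailARN']} (home region {f['HomeRegion']}) has log file validation disabled")
```

The CLI equivalents are `aws cloudtrail update-trail --name <trail> --enable-log-file-validation`, run in the trail's home region, and for ongoing checking `aws cloudtrail validate-logs --trail-arn <arn> --start-time <ISO-8601 time>`, which walks the digests and reports every log file as valid, modified or deleted.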