Cloudtrail logs validation is not enabled
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS | PERMISSION |
Description
Cloudtrail logs record every action taken by a user, role or AWS service in the account as events. Log files integrity validation should be enabled to prevent an attacker from tampering the logs after Cloudtrail delivered them. This will ensure the Cloudtrail log files were not modified.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| False | False | False | True |
An attacker could tamper the Cloudtrail logs and remove traces of their activity without detection.
Remediation guidelines
Enable log file integrity validation for Cloudtrail.
References
Was this page helpful?
