Ensure that your trails have the log file integrity validation feature enabled, so that you can check the log files and detect whether they were modified or deleted after CloudTrail delivered them to the S3 bucket.
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Enabling this feature will allow you to validate the integrity of your CloudTrail log files and determine whether the files were changed after delivery to the specified S3 bucket; the expectation is that the log files remain unchanged. Log file integrity validation uses industry-standard algorithms, SHA-256 for hashing and SHA-256 with RSA for digital signing, which makes it impossible to change the files without detection.
Note: this guide also explains how to validate your CloudTrail log files as an integrity validation task for your security audit and compliance process using the AWS CLI (see the Remediation / Resolution section, step 2).
To determine if your trails have log file validation feature enabled, perform the following:
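The check described above, as an added example that is not Conformity's own code: it reads the JSON that `aws cloudtrail describe-trails` prints (the sample below is constructed) and reports every trail whose `LogFileValidationEnabled` flag is not true, together with the `aws cloudtrail update-trail` command that turns the feature on. A trail record that omits the flag is treated as non-compliant rather than skipped.

```python
"""Audit check: list CloudTrail trails without log file integrity validation.

Added example, not Conformity's code. It reads the JSON printed by
`aws cloudtrail describe-trails`; the sample below is constructed.
"""
import json
from typing import List

# Constructed sample of `aws cloudtrail describe-trails` output,
# trimmed to the fields this check uses.
DESCRIBE_TRAILS_OUTPUT = json.dumps({
    "trailList": [
        {
            "Name": "management-trail",
            "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/management-trail",
            "S3BucketName": "example-cloudtrail-logs",
            "LogFileValidationEnabled": True,
        },
        {
            "Name": "data-events-trail",
            "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/data-events-trail",
            "S3BucketName": "example-cloudtrail-logs",
            "LogFileValidationEnabled": False,
        },
        {
            # Record without the flag: treated as "not enabled", never as compliant.
            "Name": "legacy-trail",
            "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/legacy-trail",
            "S3BucketName": "legacy-logs",
        },
    ]
})


def trails_without_validation(describe_trails_json: str) -> List[str]:
    """Names of trails whose LogFileValidationEnabled is anything other than True."""
    trails = json.loads(describe_trails_json).get("trailList", [])
    return [t["Name"] for t in trails if t.get("LogFileValidationEnabled") is not True]


def remediation_commands(trail_names: List[str]) -> List[str]:
    """AWS CLI command that enables the feature for each non-compliant trail."""
    return [
        f"aws cloudtrail update-trail --name {name} --enable-log-file-validation"
        for name in trail_names
    ]


if __name__ == "__main__":
    for command in remediation_commands(trails_without_validation(DESCRIBE_TRAILS_OUTPUT)):
        print(command)
```

Pipe the real output in with `aws cloudtrail describe-trails > trails.json` and pass the file contents to `trails_without_validation`; the commands it prints are the remediation from step 1 below.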
Remediation / Resolution
Step 1: enable log file integrity validation. To turn on this feature for your trails, perform the following:
Step 2: validate your CloudTrail log files with the AWS CLI (validation via the CloudTrail console is not currently available in AWS). For the integrity validation process, perform the following:
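To show what the validation in step 2 actually checks, here is an added model of the mechanism, not AWS's or Conformity's code. It mirrors the structure the feature relies on: each digest lists the SHA-256 hash of every log file delivered in its window, the digest is signed, and every digest carries the signature of the previous one so the chain is continuous. Assumptions: the real service signs with SHA-256 with RSA using a key AWS publishes, whereas this example uses HMAC-SHA256 with a constructed key as a stand-in so it runs offline, and the digest field layout is simplified. In a real account the equivalent check is `aws cloudtrail validate-logs`, which walks the digest files in the bucket for the requested time range.

```python
"""Model of CloudTrail log file integrity validation (added example).

Not AWS's or Conformity's code. The signature is an HMAC-SHA256 stand-in for
the RSA signature AWS applies; the field layout is simplified.
"""
import hashlib
import hmac
import json
from typing import Dict, List, Tuple

# Constructed stand-in for the signing key. AWS signs digests with an RSA
# private key and publishes the matching public key for verification.
SIGNING_KEY = b"constructed-stand-in-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(body: dict) -> str:
    """Signature over the canonical JSON form of a digest body (stand-in for RSA)."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, canonical, hashlib.sha256).hexdigest()


def make_digest(log_files: Dict[str, bytes], previous_signature: str) -> dict:
    """One digest: the hash of every log file in the window plus the chain link."""
    body = {
        "logFiles": [
            {"s3Object": key, "hashValue": sha256_hex(content)}
            for key, content in sorted(log_files.items())
        ],
        "previousDigestSignature": previous_signature,
    }
    return {"body": body, "signature": sign(body)}


def make_chain(windows: List[Dict[str, bytes]]) -> List[dict]:
    """Chain consecutive digests: each carries the previous digest's signature."""
    digests, previous = [], ""  # the first digest in a chain has no predecessor
    for files in windows:
        digest = make_digest(files, previous)
        digests.append(digest)
        previous = digest["signature"]
    return digests


def validate_chain(digests: List[dict], bucket: Dict[str, bytes]) -> List[str]:
    """Return findings; an empty list means every file is intact and the chain unbroken."""
    findings: List[str] = []
    expected_previous = ""
    for index, digest in enumerate(digests):
        body = digest["body"]
        # 1. Signature: a digest rewritten without the signing key fails here.
        if not hmac.compare_digest(sign(body), digest["signature"]):
            findings.append(f"digest {index}: signature invalid")
        # 2. Chain: a removed or reordered digest breaks the back-link.
        if body["previousDigestSignature"] != expected_previous:
            findings.append(f"digest {index}: chain broken")
        # 3. Files: compare the recorded hash with the object actually in the bucket.
        for entry in body["logFiles"]:
            content = bucket.get(entry["s3Object"])
            if content is None:
                findings.append(f"{entry['s3Object']}: log file deleted")
            elif sha256_hex(content) != entry["hashValue"]:
                findings.append(f"{entry['s3Object']}: log file modified")
        expected_previous = digest["signature"]
    return findings


def build_example() -> Tuple[Dict[str, bytes], List[dict]]:
    """Constructed bucket: two delivery windows with two log files each."""
    windows = [
        {
            "logs/2024-01-01T00/a.json.gz": b'{"Records":[{"eventName":"ConsoleLogin"}]}',
            "logs/2024-01-01T00/b.json.gz": b'{"Records":[{"eventName":"CreateUser"}]}',
        },
        {
            "logs/2024-01-01T01/a.json.gz": b'{"Records":[{"eventName":"PutBucketPolicy"}]}',
            "logs/2024-01-01T01/b.json.gz": b'{"Records":[{"eventName":"StopLogging"}]}',
        },
    ]
    bucket = {key: content for window in windows for key, content in window.items()}
    return bucket, make_chain(windows)


if __name__ == "__main__":
    bucket, digests = build_example()
    print("clean bucket:", validate_chain(digests, bucket))
    bucket["logs/2024-01-01T01/b.json.gz"] = b'{"Records":[]}'  # simulate an edit
    print("after edit:", validate_chain(digests, bucket))
```

The three checks map onto what the feature promises: a modified log file no longer matches its recorded hash, a deleted one is reported by name, and a digest that is altered or removed is caught by the signature and the back-link respectively. Verification of the real digests needs only the public key, so an auditor can run it without any access to the signing material.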
- AWS Documentation
- AWS CloudTrail FAQs
- CloudTrail Concepts
- Validating CloudTrail Log File Integrity
- Enabling Log File Integrity Validation for CloudTrail
- Validating CloudTrail Log File Integrity with the AWS CLI
- Creating and Updating Your Trail
- Creating and Updating a Trail with the AWS CLI
CloudTrail Log File Integrity Validation
Risk level: Medium