AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. In addition, you can use CloudTrail to detect unusual activity in your AWS accounts. These capabilities help simplify operational analysis and troubleshooting.
Ensure that CloudTrail has been enabled
Ensure that CloudTrail is collecting across all aws regions.
Ensure that the S3 bucket CloudTrail is logging to has MFA Delete enabled.
Ensure that the S3 bucket CloudTrail is logging to is not publicly accessible.
Ensure that CloudTrail is encrypted at rest.
Ensure that CloudTrail is logging all global services.
Ensure that CloudTrail is logging all management events.
Ensure that CloudTrail is has logfile validation enabled.
Are you curious as to what type of data Intelligent Discovery collects in relation to AWS vulnerabilities?
Login into our on-line demo to see a simulated view of what Intelligent Discovery collects and explains how to remediate.
Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.learn more +
Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.learn more +