Property
Language: terraform
Severity: high
Service: cloudtrail
Provider: AWS
Vulnerability Type: omission

Description

CloudTrail trails are configured without log file validation, so there is no mechanism to detect whether the log files delivered to S3 have been tampered with. Malicious changes to the logs can therefore go unnoticed.

Impact

If CloudTrail logs are modified by an attacker, evidence of unauthorized or malicious activity can be removed or altered, undermining audit trails and making incident response and forensic investigations unreliable.

Resolution

Turn on log file validation for CloudTrail.
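An added example, not taken from the rule page or the checker's own code, showing the flagged form of the resource beside the compliant one. It assumes an existing S3 bucket, named through var.trail_bucket, whose bucket policy already allows cloudtrail.amazonaws.com to write to it.

```hcl
# Added example: flagged and compliant aws_cloudtrail resources.
# Assumption: the bucket in var.trail_bucket exists and its policy
# lets the CloudTrail service principal put objects into it.

variable "trail_bucket" {
  type        = string
  description = "Existing S3 bucket that receives CloudTrail log files"
}

# Flagged by this rule: enable_log_file_validation is omitted. Its
# default is false, so CloudTrail writes no digest files and a log
# object edited or deleted in the bucket cannot be detected afterwards.
resource "aws_cloudtrail" "flagged" {
  name           = "example-trail-flagged"
  s3_bucket_name = var.trail_bucket
}

# Compliant: with validation enabled, CloudTrail delivers hourly digest
# files that are signed by CloudTrail and record a hash of every log
# file delivered in that hour, so modified, deleted or forged log files
# can be detected later.
resource "aws_cloudtrail" "compliant" {
  name                          = "example-trail"
  s3_bucket_name                = var.trail_bucket
  enable_log_file_validation    = true
  is_multi_region_trail         = true
  include_global_service_events = true
}
```

After the trail has delivered logs, the integrity check itself is run with `aws cloudtrail validate-logs --trail-arn <trail ARN> --start-time <ISO 8601 timestamp>`, which reports any log file whose hash no longer matches its digest.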