At Least One Enabled Trail Rule

This rule ensures the presence of at least one enabled trail in a region.

Rule: At least one enabled trail should be present in a region
Framework: CISA-cyber-essentials
Severity: Low

Rule Description:

The rule mandates that at least one enabled trail should be present in a specific region for CISA-cyber-essentials. This requirement ensures that the logging and monitoring capabilities are maintained to achieve compliance with the CISA cyber essentials framework.

Troubleshooting Steps:

If this rule is not compliant, follow the steps below to troubleshoot and rectify the issue:

  1. Verify Enabled Trails: Confirm if there are any enabled trails available in the specified region. Trails are used to capture and log AWS API and management console activity.

  2. Check Trail Status: Ensure that the existing trails in the specified region are in the "Enabled" state. A disabled trail will not fulfill the requirement.

  3. Confirm Trail Presence: If there are no enabled trails in the specified region, you need to create a new trail.

Necessary Codes:

There are no specific codes provided for this rule; however, the AWS Command Line Interface (CLI) can be utilized to create and manage trails.

Step-by-Step Guide for Remediation:

Follow the instructions below to ensure compliance with the rule:

  1. Check Enabled Trails:

    • Open the AWS Management Console.
    • Navigate to the AWS CloudTrail service page.
    • Select the specified region.

  2. Verify Trail Status:

    • Review the list of trails available in the selected region.
    • Ensure that at least one trail is marked as "Enabled."

  3. Create a New Trail (if necessary): If there are no enabled trails in the specified region, follow these steps to create a new trail:

    • Install and configure the AWS CLI by following the official documentation if not already done.

    • Open the terminal or command prompt.

    • Run the following command to create a new trail:

      aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --is-multi-region-trail --region <specified-region>

      Replace <trail-name> with a name for your trail and <bucket-name> with the name of an existing S3 bucket where logs will be stored. Also, replace <specified-region> with the desired region.

    • Enable the created trail by running the following command:

      aws cloudtrail start-logging --name <trail-name> --region <specified-region>

      Replace <trail-name> with the name of the newly created trail and <specified-region> with the desired region.

  4. Verification:

    • Return to the AWS CloudTrail service page in the AWS Management Console.
    • Confirm that the new trail is now listed and marked as "Enabled."
    • Confirm that the rule now reports as compliant for the specified region under the CISA-cyber-essentials framework.

By following these steps, you will meet the compliance requirement of having at least one enabled trail in the specified region for CISA-cyber-essentials.
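
The console checks in steps 1, 2 and 4 can also be scripted with the AWS CLI. The script below is an added example, not CloudDefense's own code; the function names and the file name check_trails.sh are illustrative. It assumes the AWS CLI is configured with credentials allowed to call cloudtrail:DescribeTrails and cloudtrail:GetTrailStatus.

```shell
#!/bin/sh
# Added example: report whether a region has at least one trail that is logging.
# Function and file names are illustrative, not part of any product.

# Print the ARN of every trail visible in region $1 that is currently logging.
enabled_trails() {
    region=$1
    # describe-trails also lists shadow copies of multi-region trails whose
    # home region is elsewhere, so those count toward the rule as well.
    arns=$(aws cloudtrail describe-trails --region "$region" \
        --query 'trailList[].TrailARN' --output text) || return 2
    for arn in $arns; do
        # Text output may render an empty result as the literal None.
        [ "$arn" = "None" ] && continue
        # A trail can exist but be stopped; IsLogging is the "Enabled" state.
        # The ARN (not the short name) is used so shadow trails resolve too.
        logging=$(aws cloudtrail get-trail-status --region "$region" \
            --name "$arn" --query 'IsLogging' --output text) || continue
        case $logging in
            [Tt]rue) printf '%s\n' "$arn" ;;
        esac
    done
    return 0
}

# Return 0 = compliant, 1 = no enabled trail, 2 = the API call failed.
check_region() {
    region=$1
    found=$(enabled_trails "$region") || return 2
    if [ -n "$found" ]; then
        printf 'PASS %s\n%s\n' "$region" "$found"
        return 0
    fi
    printf 'FAIL %s: no trail is logging\n' "$region"
    return 1
}

# Usage: sh check_trails.sh us-east-1 eu-west-1
for r in "$@"; do check_region "$r"; done
```

The script exits non-zero when the last region checked has no logging trail, so it can gate a scheduled job or pipeline step.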
