Rule: CloudTrail trails should be integrated with CloudWatch logs

This rule ensures integration of CloudTrail trails with CloudWatch logs.

Rule: CloudTrail trails should be integrated with CloudWatch logs
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Critical

Rule Description:

This rule ensures that CloudTrail trails are integrated with CloudWatch logs for Federal Financial Institutions Examination Council (FFIEC) compliance. CloudTrail records API activity and logs it for auditing and compliance purposes. By integrating CloudTrail with CloudWatch logs, you can centralize and monitor the logs in a single location, enabling efficient log analysis and troubleshooting.

Troubleshooting Steps:

  1. Verify CloudTrail trails: Check if you have CloudTrail trails configured for your AWS account. You can access CloudTrail from the AWS Management Console. Ensure that the desired trails are active and collecting logs.

  2. Confirm CloudWatch log group: Ensure that you have a CloudWatch log group created or designated for FFIEC compliance. If not, create a new log group specifically for this purpose.

  3. Configure CloudTrail log delivery to CloudWatch: To integrate CloudTrail with CloudWatch logs, you need to enable log delivery. Follow these steps:

    • Navigate to the CloudTrail service in the AWS Management Console.
    • Select the appropriate trail that needs to be integrated.
    • Click on the "Edit" button.
    • In the "Event logging" section, enable logging to CloudWatch Logs.
    • Select the desired log group by specifying its name or create a new one.
    • Click on "Save" to apply the changes.

  4. Verify CloudWatch log data: After configuring CloudTrail to deliver logs to CloudWatch, ensure that the logs are being received and stored in the designated log group. Take the following steps:

    • Navigate to the CloudWatch service in the AWS Management Console.
    • Open the log group designated for FFIEC compliance.
    • Validate the presence of CloudTrail log data and verify its accuracy and completeness.
    • Apply any necessary filters or queries to analyze the logs effectively.

Necessary Code:

No specific code is required for this integration. The configuration is carried out through the AWS Management Console.

Step-by-Step Guide for Remediation:

  1. Log in to the AWS Management Console.
  2. Open the CloudTrail service.
  3. Verify that the desired trails are active and collecting logs.
  4. Create a CloudWatch log group specifically for FFIEC compliance if it doesn't already exist.
  5. Select the trail you want to integrate with CloudWatch logs.
  6. Click on the "Edit" button.
  7. Enable log delivery to CloudWatch Logs by ticking the appropriate checkbox.
  8. Choose the correct log group from the dropdown or create a new one.
  9. Click on "Save" to apply the changes.
  10. Open the CloudWatch service.
  11. Access the log group designated for FFIEC compliance.
  12. Validate the presence, accuracy, and completeness of CloudTrail log data.
  13. Analyze the logs using filters or queries as needed.

By following these steps, you will successfully integrate CloudTrail trails with CloudWatch logs for FFIEC compliance.
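
The verification steps above can also be checked programmatically. The following is an added example, not code from this page or from the vendor: it evaluates data shaped like the CloudTrail DescribeTrails and GetTrailStatus responses and reports trails that are not delivering to CloudWatch Logs. The 24-hour staleness threshold, the sample trail names and the placeholder account ID are assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_trails(trails, statuses, now, max_delivery_age=timedelta(hours=24)):
    """Return {trail name: [findings]} for trails that fail the rule."""
    # trails: 'trailList' from DescribeTrails; statuses: {ARN: GetTrailStatus response}
    findings = {}
    for trail in trails:
        issues = []
        status = statuses.get(trail["TrailARN"], {})
        # The rule itself: the trail must name a CloudWatch Logs log group.
        if not trail.get("CloudWatchLogsLogGroupArn"):
            issues.append("no CloudWatch Logs log group configured")
        else:
            # Delivery also needs an IAM role that CloudTrail can assume.
            if not trail.get("CloudWatchLogsRoleArn"):
                issues.append("log group set but no delivery role")
            last = status.get("LatestCloudWatchLogsDeliveryTime")
            if last is None:
                issues.append("no delivery to CloudWatch Logs recorded")
            elif now - last > max_delivery_age:  # threshold is an assumption
                issues.append("last CloudWatch Logs delivery is stale")
            if status.get("LatestCloudWatchLogsDeliveryError"):
                issues.append("delivery error: " + status["LatestCloudWatchLogsDeliveryError"])
        if not status.get("IsLogging", False):
            issues.append("trail is not logging")
        if issues:
            findings[trail["Name"]] = issues
    return findings

# Constructed sample data (placeholder account ID, names and ARNs).
NOW = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)
ARN = "arn:aws:cloudtrail:us-east-1:111122223333:trail/"
LG = "arn:aws:logs:us-east-1:111122223333:log-group:ffiec-cloudtrail:*"
ROLE = "arn:aws:iam::111122223333:role/CloudTrailToCloudWatch"
SAMPLE_TRAILS = [
    {"Name": "good", "TrailARN": ARN + "good", "CloudWatchLogsLogGroupArn": LG, "CloudWatchLogsRoleArn": ROLE},
    {"Name": "s3-only", "TrailARN": ARN + "s3-only"},
    {"Name": "stale", "TrailARN": ARN + "stale", "CloudWatchLogsLogGroupArn": LG, "CloudWatchLogsRoleArn": ROLE},
]
SAMPLE_STATUSES = {
    ARN + "good": {"IsLogging": True, "LatestCloudWatchLogsDeliveryTime": NOW - timedelta(minutes=5)},
    ARN + "s3-only": {"IsLogging": True},
    ARN + "stale": {"IsLogging": True, "LatestCloudWatchLogsDeliveryTime": NOW - timedelta(days=3)},
}

if __name__ == "__main__":
    for name, issues in audit_trails(SAMPLE_TRAILS, SAMPLE_STATUSES, NOW).items():
        print(name, "->", "; ".join(issues))
```

Against a live account, the same function can be fed the `trailList` from boto3's `describe_trails()` and one `get_trail_status()` response per trail ARN.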
