
Rule: At Least One Enabled Trail Presence Requirement

This rule ensures the presence of at least one enabled trail in a specific region.

Rule: At least one enabled trail should be present in a region
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description:

According to the NIST 800-171 Revision 2 compliance standard, at least one enabled trail must be present in each region in use. An enabled trail is one whose logging is turned on; a trail that exists but has logging stopped does not satisfy the rule. This rule helps ensure that activity within the region is recorded and can be monitored for security and compliance purposes.

Remediation Steps:

To remediate this rule and comply with the NIST 800-171 Revision 2 standard, follow the step-by-step guide below:

Step 1: Log in to the AWS Management Console

Access the AWS Management Console using valid credentials at https://console.aws.amazon.com.

Step 2: Select the desired region

From the menu located at the top-right corner of the AWS Management Console, select the desired region where the trail needs to be present.

Step 3: Open the CloudTrail service

Type "CloudTrail" in the AWS services search box and click on the "CloudTrail" service when it appears.

Step 4: Create a new trail

In the CloudTrail service, click on the "Trails" option in the left-hand menu, then click on the "Create trail" button.

Step 5: Configure the trail

In the trail creation wizard, provide a distinctive name for the trail and select the appropriate settings based on your requirements and compliance policies. Ensure that the trail is enabled (logging turned on) during the configuration process.

Step 6: Define the trail storage location

Specify the desired Amazon S3 bucket where the CloudTrail logs will be stored. If you don't have an existing bucket, you can create one by following the prompts.

Step 7: Configure trail log file settings

Assign a prefix and define whether the log files should be encrypted or not. Adjust other settings as needed.

Step 8: Enable additional optional features

Choose whether to enable additional optional features like log file validation, CloudWatch Logs integration, or Global services. Enable them based on your specific requirements and compliance needs.

Step 9: Configure trail management events (optional)

If required, you can configure specific management events that should be logged by the trail.

Step 10: Configure data events (optional)

Optionally, configure the specific AWS service data events that should be logged by the trail.

Step 11: Review and create the trail

Review all the settings and configurations you have provided for the trail. Once reviewed, click on the "Create" button to create the trail.

Step 12: Repeat for other desired regions

Repeat the above steps for each additional region where an enabled trail is required as per the NIST 800-171 Revision 2 compliance standard.
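Once the trails are created, the check behind this rule can be automated. The following is an added verification example, not code from the original page or from Cloud Defense; it assumes boto3 is installed and AWS credentials are configured only for the optional live collector, while the core check runs on a constructed sample. It also accounts for a detail the console steps above do not spell out: a multi-region trail created in another home region also covers the region being checked, and a trail only counts when its logging status is on.

```python
"""Check that a region has at least one enabled (logging) CloudTrail trail."""
from typing import Iterable, List


def region_has_enabled_trail(region: str, trails: Iterable[dict]) -> bool:
    """Return True if at least one trail covers `region` and is actively logging.

    Each trail dict mirrors a DescribeTrails entry (Name, HomeRegion,
    IsMultiRegionTrail) merged with the IsLogging flag from GetTrailStatus.
    A multi-region trail covers every region; a single-region trail covers
    only its home region. Presence alone is not enough: IsLogging must be True.
    """
    for trail in trails:
        covers_region = (
            trail.get("IsMultiRegionTrail", False)
            or trail.get("HomeRegion") == region
        )
        if covers_region and trail.get("IsLogging", False):
            return True
    return False


def fetch_trails(region: str) -> List[dict]:
    """Live collector (assumption: boto3 installed, credentials configured).

    Merges DescribeTrails output with each trail's GetTrailStatus result so the
    dicts have the shape region_has_enabled_trail expects.
    """
    import boto3  # imported here so the pure check above runs without boto3

    client = boto3.client("cloudtrail", region_name=region)
    # includeShadowTrails=True also returns multi-region trails homed elsewhere.
    described = client.describe_trails(includeShadowTrails=True)["trailList"]
    merged = []
    for trail in described:
        status = client.get_trail_status(Name=trail["TrailARN"])
        merged.append({**trail, "IsLogging": status.get("IsLogging", False)})
    return merged


# Constructed sample data (not real account output): one stopped trail homed
# in us-east-1 and one logging single-region trail homed in eu-west-1.
SAMPLE_TRAILS = [
    {"Name": "old-audit", "HomeRegion": "us-east-1",
     "IsMultiRegionTrail": False, "IsLogging": False},
    {"Name": "eu-only", "HomeRegion": "eu-west-1",
     "IsMultiRegionTrail": False, "IsLogging": True},
]

if __name__ == "__main__":
    for r in ("us-east-1", "eu-west-1"):
        print(r, "compliant" if region_has_enabled_trail(r, SAMPLE_TRAILS) else "NON-COMPLIANT")
```

With the sample data, us-east-1 is reported non-compliant because its only trail has logging stopped, while eu-west-1 passes; adding a logging multi-region trail would make every region pass.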

Troubleshooting Steps:

If you encounter issues while implementing this rule, the following steps may help resolve them:

  1. Issue: Error creating a trail.

     • Troubleshooting: Ensure that you have the necessary permissions to create trails in the AWS account. Check your IAM policies and make sure you have the required permissions for CloudTrail configuration.

  2. Issue: Trail not being enabled.

     • Troubleshooting: Double-check that you have selected the "Enabled" option during the trail creation process. If the issue persists, ensure that you have the necessary permissions to enable trails in the region.

  3. Issue: CloudTrail logs not being delivered to the specified S3 bucket.

     • Troubleshooting: Verify that the S3 bucket you specified during the trail creation process exists and has the correct permissions for CloudTrail to deliver logs. Ensure that the bucket policy allows CloudTrail to write logs to it.

  4. Issue: CloudTrail logs not being recorded for specific AWS services.

     • Troubleshooting: Ensure that you have correctly configured the data events for the desired AWS services during the trail creation process. Check that the services are supported by CloudTrail and verify that their data events are enabled.

If none of the above troubleshooting steps resolve your issues, refer to the AWS CloudTrail documentation for further assistance.

Relevant Codes (if applicable):

There are no specific codes applicable to this rule as the remediation steps involve creating and configuring the trail through the AWS Management Console.
