Rule: At Least One Enabled Trail Should Be Present in a Region

This rule ensures the presence of at least one enabled CloudTrail trail in a specific region.

Rule: At least one enabled trail should be present in a region
Framework: NIST 800-171 Revision 2
Severity: Low

Rule Description

This rule requires that at least one enabled trail should be present in a specific region to meet the compliance requirements of NIST 800-171 Revision 2. Trails are responsible for logging and monitoring of activities within a region and are essential for security and compliance purposes.

Rule Troubleshooting

If you encounter issues related to this rule, you may follow these troubleshooting steps:

  1. Check if there are any trails enabled in the specified region.
  2. Ensure that the trails are properly configured to capture the required logs.
  3. Verify if any changes were made to the logging settings that might have affected the trails.
  4. Confirm if the trails are accurately collecting and delivering logs to the desired destination.
  5. Investigate if there are any errors or disruptions in the connectivity between the trails and the logging service.
  6. Review the trail's permissions to confirm if the necessary IAM roles and policies are properly configured.
  7. Check if there are any resource constraints (e.g., storage limits) that could prevent the trails from functioning properly.

Necessary Codes

If there are any necessary codes required to enforce this rule, they will be documented and provided to ensure compliance. However, in the case of this rule, there are no specific codes that need to be implemented.

Remediation Steps

Follow the step-by-step guide below to remediate the issue related to this rule:

  1. Sign in to the AWS Management Console.
  2. Open the AWS CloudTrail service.
  3. Click on "Trails" in the left-hand navigation menu.
  4. Select the region that needs to have at least one enabled trail.
  5. Check if any trails are listed on the page.
  6. If there are no enabled trails, click on the "Create Trail" button.
  7. Configure the trail by providing a name and selecting the desired settings, such as the destination S3 bucket and log file name prefix.
  8. Enable the trail by selecting the "Enable logging" option.
  9. If necessary, adjust the additional settings like storage location, log file validation, and CloudWatch Logs integration.
  10. Click on the "Create" button to create the trail.
  11. Repeat these steps for any additional regions where the trail is required.
  12. Perform periodic checks to ensure the trails are active, collecting logs, and delivering them to the correct destination.

By following these remediation steps, you will ensure compliance with the NIST 800-171 Revision 2 regulation by having at least one enabled trail present in the specified region.
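The check in troubleshooting steps 1 and 4 and the periodic check in remediation step 12 can be scripted. The following is an added example, not part of the original page or the vendor's own code: it evaluates the rule from the parsed JSON of the CloudTrail DescribeTrails and GetTrailStatus responses. The function name, trail names, account ID and sample responses are constructed for illustration.

```python
"""Evaluate 'at least one enabled trail in a region' from CloudTrail API output."""

def evaluate_region(region, describe_trails, statuses):
    """Return (compliant, findings) for one region.

    describe_trails: parsed DescribeTrails response for that region.
    statuses: dict mapping TrailARN -> parsed GetTrailStatus response.
    """
    findings, enabled = [], []
    for trail in describe_trails.get("trailList", []):
        # A trail covers the region if it is homed there or is multi-region.
        covers = trail.get("HomeRegion") == region or trail.get("IsMultiRegionTrail", False)
        if not covers:
            continue
        status = statuses.get(trail["TrailARN"], {})
        if not status.get("IsLogging", False):
            findings.append(f"{trail['Name']}: logging is stopped")
            continue
        enabled.append(trail["Name"])
        # An enabled trail can still fail to deliver to its S3 bucket.
        if status.get("LatestDeliveryError"):
            findings.append(f"{trail['Name']}: delivery error {status['LatestDeliveryError']}")
        if not trail.get("LogFileValidationEnabled", False):
            findings.append(f"{trail['Name']}: log file validation is off")
    if not enabled:
        findings.insert(0, f"{region}: no enabled trail")
    return bool(enabled), findings

# Constructed sample data (not from a real account).
ARN = "arn:aws:cloudtrail:{}:111122223333:trail/{}"
SAMPLE_TRAILS = {
    "eu-west-1": {"trailList": [
        {"Name": "regional-audit", "TrailARN": ARN.format("eu-west-1", "regional-audit"),
         "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
         "LogFileValidationEnabled": True},
    ]},
    "us-east-1": {"trailList": [
        {"Name": "org-audit", "TrailARN": ARN.format("us-east-1", "org-audit"),
         "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
         "LogFileValidationEnabled": False},
    ]},
}
SAMPLE_STATUS = {
    ARN.format("eu-west-1", "regional-audit"): {"IsLogging": False},
    ARN.format("us-east-1", "org-audit"): {"IsLogging": True, "LatestDeliveryError": "NoSuchBucket"},
}

if __name__ == "__main__":
    for region, resp in SAMPLE_TRAILS.items():
        ok, findings = evaluate_region(region, resp, SAMPLE_STATUS)
        print(region, "PASS" if ok else "FAIL", findings)
```

A trail that exists but has logging stopped does not satisfy the rule, and a trail that passes the rule can still report a delivery error, so the findings list is worth reviewing even on a pass.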
