
Rule: At Least One Enabled Trail in a Region

This rule ensures the presence of at least one enabled trail in a specific region.

Rule: At least one enabled trail should be present in a region
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description

This rule requires at least one enabled trail in a specific region for compliance with the NIST 800-53 Revision 5 security standard. NIST 800-53 Revision 5 provides guidelines and controls for securing federal information systems and organizations.

Troubleshooting Steps

If there is no enabled trail present in the specified region, follow these troubleshooting steps to ensure compliance with the rule:

  1. Check if any trails are configured in the region. Use the AWS Command Line Interface (CLI) or AWS Management Console to list the existing trails:
       aws cloudtrail describe-trails
  2. Identify if there are any trails configured but not enabled. Trails that are not enabled do not meet the compliance requirements for this rule.
  3. Enable an existing trail in the region or create a new trail. Ensure that the trail captures the necessary logs and events required for compliance.

Necessary Codes

No specific code is required for this rule. However, you can use the following AWS CLI command to enable a trail if needed:

aws cloudtrail update-trail --name <trail_name> --is-multi-region-trail --include-global-service-events --enable-log-file-validation

Replace <trail_name> with the name of the trail that needs to be enabled.

Step-by-Step Guide for Remediation

Follow the steps below to remediate the issue and comply with the rule:

  1. Identify the region for which the rule violation is detected.
  2. Check if any existing trails are already enabled in the region. Use the following CLI command to list existing trails:
       aws cloudtrail describe-trails --region <region_name>
  3. If there are no enabled trails in the region, proceed to create a new trail. Otherwise, skip to step 6.
  4. Create a new trail using the following CLI command:
       aws cloudtrail create-trail --name <new_trail_name> --s3-bucket-name <bucket_name> --is-multi-region-trail --include-global-service-events --enable-log-file-validation
     Replace <new_trail_name> with a descriptive name for the trail and <bucket_name> with the name of the S3 bucket where the trail logs will be stored.
  5. Enable the newly created trail with the following CLI command:
       aws cloudtrail start-logging --name <new_trail_name>
  6. Validate that the trail is now enabled by checking the trails in the region:
       aws cloudtrail describe-trails --region <region_name>
  7. Repeat these steps for any other regions where there are no enabled trails to ensure compliance with the NIST 800-53 Revision 5 standard.

Note: It is recommended to review and configure the trail settings as per your organization's logging and compliance requirements.
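
The check described in the troubleshooting and remediation steps can be scripted. The following is an added example, not code from this page's vendor or from AWS: it evaluates the rule from the output of aws cloudtrail describe-trails combined with aws cloudtrail get-trail-status, whose IsLogging field shows whether a trail is actually recording (describe-trails returns configuration only). The function names, the sample data, and the interpretation that a multi-region trail covers every region are assumptions.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
# The account ID and trail names are made up for illustration.
DESCRIBE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "org-trail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": true,
   "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail"},
  {"Name": "eu-local", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": false,
   "TrailARN": "arn:aws:cloudtrail:eu-west-1:111122223333:trail/eu-local"}
]}
""")

# Constructed sample: one `aws cloudtrail get-trail-status --name <TrailARN>`
# result per trail, keyed by ARN. Here the multi-region trail has been stopped.
TRAIL_STATUS = {
    "arn:aws:cloudtrail:us-east-1:111122223333:trail/org-trail": {"IsLogging": False},
    "arn:aws:cloudtrail:eu-west-1:111122223333:trail/eu-local": {"IsLogging": True},
}


def enabled_trails(describe_output, status_by_arn, region):
    """Return the names of trails that cover `region` and are logging."""
    names = []
    for trail in describe_output.get("trailList", []):
        # Assumption: a multi-region trail covers every region; a
        # single-region trail covers only its home region.
        covers = bool(trail.get("IsMultiRegionTrail")) or trail.get("HomeRegion") == region
        # A trail with no status record is treated as not logging (fail closed).
        logging_on = status_by_arn.get(trail.get("TrailARN"), {}).get("IsLogging") is True
        if covers and logging_on:
            names.append(trail["Name"])
    return names


def evaluate_rule(describe_output, status_by_arn, regions):
    """Map each region to COMPLIANT or NON_COMPLIANT for this rule."""
    return {
        region: "COMPLIANT" if enabled_trails(describe_output, status_by_arn, region)
        else "NON_COMPLIANT"
        for region in regions
    }


if __name__ == "__main__":
    for region, result in evaluate_rule(
            DESCRIBE_TRAILS, TRAIL_STATUS, ["us-east-1", "eu-west-1", "ap-south-1"]).items():
        print(region, result)
```

In the sample data the multi-region trail exists but is stopped, so only the region with its own logging trail passes; a configured trail alone does not satisfy the rule.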
