Rule: AWS CloudTrail Multi-Region Presence

This rule ensures the presence of at least one multi-region AWS CloudTrail in an account.

Rule: At least one multi-region AWS CloudTrail should be present in an account
Framework: NIST 800-53 Revision 5
Severity: Medium

AWS CloudTrail Multi-Region Configuration

Description:

Under the NIST 800-53 Revision 5 audit and accountability controls that this rule maps to, every AWS account should have at least one multi-region CloudTrail. CloudTrail records the API calls made in an account (which principal called which API, from where, and when) and is the primary audit source for investigating activity. A single-region trail records only the events that occur in its home region, so activity in any other region goes unrecorded, including regions you never use and that an attacker may pick precisely because nobody is watching them. A multi-region trail delivers events from every region, including regions that are enabled after the trail was created, to one destination, and by default also includes global service events such as IAM and STS calls, giving a complete audit trail of account activity.

Troubleshooting:

A trail that appears in the console is not necessarily sufficient: it must be a multi-region trail (IsMultiRegionTrail is true) and it must actually be logging. If the rule reports that no multi-region trail is present, check the following:

  1. Open the CloudTrail service in the AWS Management Console and look at the Trails list. A multi-region trail is shown in every region, while a single-region trail is shown only in its home region, so a trail you remember creating may simply be regional. Confirm that at least one trail is marked as multi-region and that its status shows logging turned on; a trail that has been stopped with StopLogging records nothing even though it still exists.
  2. If no multi-region trail exists, create one by following the remediation steps below. If a multi-region trail exists but is not logging, start logging on it and find out who stopped it: stopping or deleting the trail is a standard defense-evasion step after a privileged credential is compromised.

Remediation:

To create a multi-region AWS CloudTrail, follow the steps outlined below. The console wizard layout changes over time; the same settings are available from the AWS CLI with "aws cloudtrail create-trail --name <trail> --s3-bucket-name <bucket> --is-multi-region-trail --include-global-service-events --enable-log-file-validation", followed by "aws cloudtrail start-logging --name <trail>".

  1. Open the AWS Management Console and navigate to the CloudTrail service.

  2. Click "Trails" in the left sidebar.

  3. Click "Create trail" and configure the following:

    Trail settings:

    • Trail name: Enter a descriptive name for the trail.
    • Apply trail to all regions: Enable this option to capture events from all regions. In the current console a trail created through the wizard is multi-region by default; an existing single-region trail can be converted with "aws cloudtrail update-trail --name <trail> --is-multi-region-trail".

    Management events:

    • Read/Write events: Select both read and write management events. Read events (Describe*, List*, Get*) are what reveal reconnaissance, so do not log only writes.

    Data events:

    • Specific S3 buckets: Optionally select the buckets whose object-level activity should be recorded. Data events are billed separately and are not required by this rule.

    Storage location:

    • S3 bucket: Select or create an S3 bucket to store the CloudTrail logs. The bucket must not be publicly accessible, and its policy should prevent the workloads being audited from deleting or modifying the log objects; a dedicated log-archive account is the usual place for it.

    Advanced:

    • Log file validation: Enable it so that altered or deleted log files can later be detected with "aws cloudtrail validate-logs".
    • New regions: A multi-region trail automatically records events from regions that AWS adds or that you enable later; no separate setting is needed for this.

  4. Click "Create" to create the multi-region CloudTrail. A trail created in the console starts logging immediately; a trail created with the CLI or API is not logging until you call start-logging on it.
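The troubleshooting check and the remediation above, written out as an added example in Python with boto3 (this is not Cloud Defense's scanner or AWS code). evaluate_trails() applies the rule to the output of DescribeTrails and GetTrailStatus and runs offline against constructed sample data; check_account() and remediate() make the live calls. The trail name, bucket name, account ID and ARNs below are assumptions.

```python
# Added example for this page; not Cloud Defense's or AWS's code.
# Assumptions: boto3 is installed and the caller holds cloudtrail:DescribeTrails,
# cloudtrail:GetTrailStatus and, for remediate(), cloudtrail:CreateTrail,
# UpdateTrail and StartLogging. All names and ARNs are made up.
from dataclasses import dataclass, field


@dataclass
class Finding:
    compliant: bool
    reason: str
    trail_arns: list = field(default_factory=list)  # trails the reason refers to
    warnings: list = field(default_factory=list)    # hardening gaps, not failures


def evaluate_trails(trails, statuses):
    """Apply the rule to DescribeTrails['trailList'] plus a map of
    TrailARN -> GetTrailStatus response.

    Pass condition: at least one trail with IsMultiRegionTrail=True whose
    status reports IsLogging=True. A trail that exists but has been stopped
    (cloudtrail:StopLogging) records nothing, so presence alone is not enough.
    """
    multi = [t for t in trails if t.get("IsMultiRegionTrail")]
    if not multi:
        return Finding(False, "no multi-region trail in the account")

    active = [t for t in multi
              if statuses.get(t["TrailARN"], {}).get("IsLogging")]
    if not active:
        return Finding(False, "multi-region trail exists but logging is stopped",
                       [t["TrailARN"] for t in multi])

    warnings = []
    for t in active:
        if not t.get("IncludeGlobalServiceEvents", False):
            warnings.append(f"{t['Name']}: global service events (IAM, STS) excluded")
        if not t.get("LogFileValidationEnabled", False):
            warnings.append(f"{t['Name']}: log file validation disabled")
    return Finding(True, f"{len(active)} multi-region trail(s) actively logging",
                   [t["TrailARN"] for t in active], warnings)


def check_account(region="us-east-1"):
    """Live check. A multi-region trail is replicated into every region as a
    shadow trail, so one DescribeTrails call from any region is sufficient."""
    import boto3  # imported here so evaluate_trails() stays usable offline
    ct = boto3.client("cloudtrail", region_name=region)
    trails = ct.describe_trails(includeShadowTrails=True)["trailList"]
    statuses = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"])
                for t in trails}
    return evaluate_trails(trails, statuses)


def remediate(finding, trail_name="org-audit-trail",
              bucket="example-cloudtrail-logs", region="us-east-1"):
    """Restart stopped multi-region trails, or create one if none exists.
    Assumes the bucket already exists with a policy that lets
    cloudtrail.amazonaws.com call s3:GetBucketAcl and s3:PutObject."""
    import boto3
    if finding.compliant:
        return finding.trail_arns
    ct = boto3.client("cloudtrail", region_name=region)
    if finding.trail_arns:
        # Multi-region trail(s) exist but were stopped: turn them back on.
        for arn in finding.trail_arns:
            ct.start_logging(Name=arn)
        return finding.trail_arns
    resp = ct.create_trail(
        Name=trail_name,
        S3BucketName=bucket,
        IsMultiRegionTrail=True,
        IncludeGlobalServiceEvents=True,
        EnableLogFileValidation=True,
    )
    ct.start_logging(Name=resp["TrailARN"])  # CreateTrail does not start logging
    return [resp["TrailARN"]]


# Constructed sample data shaped like DescribeTrails / GetTrailStatus output.
SAMPLE_TRAILS = [
    {"Name": "eu-only",
     "TrailARN": "arn:aws:cloudtrail:eu-west-1:123456789012:trail/eu-only",
     "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "IncludeGlobalServiceEvents": False, "LogFileValidationEnabled": False},
    {"Name": "all-regions",
     "TrailARN": "arn:aws:cloudtrail:us-east-1:123456789012:trail/all-regions",
     "HomeRegion": "us-east-1", "IsMultiRegionTrail": True,
     "IncludeGlobalServiceEvents": True, "LogFileValidationEnabled": False},
]
STOPPED = {SAMPLE_TRAILS[1]["TrailARN"]: {"IsLogging": False}}
LOGGING = {SAMPLE_TRAILS[1]["TrailARN"]: {"IsLogging": True}}

if __name__ == "__main__":
    for label, st in (("stopped", STOPPED), ("logging", LOGGING)):
        f = evaluate_trails(SAMPLE_TRAILS, st)
        print(label, "compliant" if f.compliant else "NON-COMPLIANT",
              f.reason, f.warnings)
```

evaluate_trails() can also be pointed at a saved "aws cloudtrail describe-trails" JSON from an account you only have exports for. It deliberately distinguishes a third state the rule text does not: a multi-region trail that exists but has been stopped is reported as non-compliant, because a stopped trail gives no audit coverage, and remediate() restarts it rather than creating a duplicate.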

Additional Considerations:

  • The S3 bucket policy must allow the CloudTrail service principal (cloudtrail.amazonaws.com) to call s3:GetBucketAcl on the bucket and s3:PutObject on the log prefix; the console offers to attach this policy when it creates the bucket for you.
  • Protect the trail itself: restrict cloudtrail:StopLogging, cloudtrail:DeleteTrail and cloudtrail:UpdateTrail to a small administrative role and alert on those calls, since switching the trail off is a standard defense-evasion step.
  • Regularly review and analyze the CloudTrail logs for security or compliance-related issues, and keep log file validation enabled so that altered or deleted log files can be detected.
  • Implement log archival and retention policies as per your organization's requirements; an S3 lifecycle rule together with S3 Object Lock or a separate log-archive account keeps the logs out of reach of the workloads being audited.
  • Consider sending the trail to Amazon CloudWatch Logs (for metric filters and alarms on sensitive API calls) and enabling AWS Config for resource-configuration history. In a multi-account environment, an organization trail created from the management account covers every member account with a single configuration.

By following the above steps, and by confirming afterwards that the trail is multi-region and actively logging, you ensure compliance with the NIST 800-53 Revision 5 requirement behind this rule: at least one multi-region AWS CloudTrail in your AWS account.
