Rule: At least one enabled trail should be present in a region

This rule ensures the presence of at least one enabled trail in a region for compliance.

Rule: At least one enabled trail should be present in a region
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Low

Rule Description

The rule states that at least one enabled trail should be present in a specific region for NIST Cybersecurity Framework (CSF) v1. This rule ensures that proper logging and monitoring mechanisms are in place to meet the requirements set by the NIST CSF v1.

Troubleshooting Steps

If you encounter issues with this rule, follow these troubleshooting steps:

  1. Verify existing trails: Check if there are any existing trails in the region specified.
  2. Trail status: Ensure that the existing trails are enabled. If not, enable them.
  3. Create new trail: If no enabled trail exists, create a new one and enable it.
  4. Verify region: Ensure that the trails are present and enabled in the correct region specified by the rule.

Necessary Codes

No code is specific to this rule. However, you can use the following samples to create and enable a trail in AWS CloudTrail:

AWS CLI Command

To create a trail:

aws cloudtrail create-trail --name MyTrail --s3-bucket-name my-bucket \
--is-multi-region-trail --include-global-service-events

To enable a trail (a trail created from the CLI does not record events until logging is started):

aws cloudtrail start-logging --name MyTrail

AWS CloudFormation Template

To create a trail using CloudFormation, you can use the following template snippet:

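Resources:
  MyTrail:
    Type: AWS::CloudTrail::Trail
    Properties:
      # IsLogging is a required property; true means the trail is enabled
      IsLogging: true
      # A multi-region trail records events from every region
      IsMultiRegionTrail: true
      IncludeGlobalServiceEvents: true
      S3BucketName: my-bucket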

Note: Replace my-bucket with your desired S3 bucket name. The bucket must already exist, and its bucket policy must allow CloudTrail to write to it.

Step-by-Step Guide for Remediation

Follow these steps to ensure compliance with the rule:

  1. Log in to the AWS Management Console.
  2. Navigate to the CloudTrail service.
  3. Check if there are any existing trails in the specified region.
  4. If there are no enabled trails, proceed to create a new one.
    • Click on "Trails" in the left navigation panel.
    • Click on "Create trail".
    • Provide a name for the trail (e.g., MyTrail).
    • Choose an S3 bucket to store the logs (ensure the bucket exists).
    • Enable multi-region trail if required.
    • Enable the option to include global service events if required.
    • Click on "Create".
  5. If any existing trails are disabled, proceed to enable them.
    • Select the trail from the list.
    • Click on "Edit".
    • Enable the trail if it's disabled.
    • Optionally, make any other desired changes.
    • Click on "Save".
  6. Verify the region of the trails.
    • Ensure that the trails are present and enabled in the correct region specified by the rule.
    • If needed, create or enable trails in other regions to fulfill the requirement.
  7. Validate compliance by checking if at least one enabled trail is present in the specified region for NIST CSF v1.

By following these steps, you can ensure compliance with the rule and meet the logging and monitoring requirements specified by the NIST CSF v1.
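The validation in the last step can be scripted. The following is an added example, not code from the original page: it applies the rule to the responses of the CloudTrail DescribeTrails and GetTrailStatus APIs. The function names, the sample trails and the placeholder account ID are assumptions made for illustration.

```python
# Added example: evaluates the rule from CloudTrail API responses.
# Assumption: a trail covers a region if it is multi-region or its HomeRegion
# matches, and it only counts when GetTrailStatus reports IsLogging = true.

def region_covered(region, trails, is_logging):
    """trails: 'trailList' from DescribeTrails; is_logging: TrailARN -> bool."""
    for trail in trails:
        applies = trail.get("IsMultiRegionTrail", False) or trail.get("HomeRegion") == region
        if applies and is_logging.get(trail["TrailARN"], False):
            return True
    return False


def uncovered_regions(regions, trails, is_logging):
    """Regions with no enabled trail, i.e. the ones that fail the rule."""
    return [r for r in regions if not region_covered(r, trails, is_logging)]


def fetch_trails(region):
    """Live lookup for one region; needs boto3 and AWS credentials."""
    import boto3  # imported lazily so the checks above run offline
    client = boto3.client("cloudtrail", region_name=region)
    trails = client.describe_trails(includeShadowTrails=True)["trailList"]
    # Shadow trails must be queried by ARN, so always pass the ARN.
    status = {t["TrailARN"]: client.get_trail_status(Name=t["TrailARN"])["IsLogging"]
              for t in trails}
    return trails, status


# Constructed sample data (placeholder account ID), not real output.
ARN = "arn:aws:cloudtrail:{}:111122223333:trail/{}"
SAMPLE_TRAILS = [
    {"Name": "MyTrail", "HomeRegion": "us-east-1", "IsMultiRegionTrail": False,
     "TrailARN": ARN.format("us-east-1", "MyTrail")},
    {"Name": "EuTrail", "HomeRegion": "eu-west-1", "IsMultiRegionTrail": False,
     "TrailARN": ARN.format("eu-west-1", "EuTrail")},
]
# EuTrail exists but was never started, so it does not satisfy the rule.
SAMPLE_STATUS = {SAMPLE_TRAILS[0]["TrailARN"]: True, SAMPLE_TRAILS[1]["TrailARN"]: False}
REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2"]

if __name__ == "__main__":
    print("Regions failing the rule:", uncovered_regions(REGIONS, SAMPLE_TRAILS, SAMPLE_STATUS))
```

With the sample data, eu-west-1 fails even though a trail exists there, because a trail that is not logging does not count as enabled.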
