Trails Should Record Both Regional And Global Events
More Info:
Your CloudTrail trails should be recording both regional and global events in order to increase the visibility of the API activity in your AWS account for security and management purposes.Risk Level
MediumAddress
SecurityCompliance Standards
AWSWAF, GDPR, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “Trails Should Record Both Regional And Global Events” for AWS using AWS console, you can follow these steps:
- Open the AWS Management Console and navigate to the CloudTrail service.
- Select the trail that you want to update.
- Click on the “Edit” button.
- In the “Event selectors” section, make sure that “All” is selected under “Data events”.
- Under “Management events”, select “Global services” and “Regional services”.
- Click on the “Save” button to save the changes.
- Verify that the trail is now recording both regional and global events by checking the “Event history” tab for the trail.
Using CLI
Using CLI
To remediate this misconfiguration in AWS using AWS CLI, follow these steps:Replace Replace This command will return the details of your trail, including the settings for recording regional and global events.By following these steps, you will have remediated the misconfiguration and ensured that your AWS trail is recording both regional and global events.
- Open your terminal or command prompt and ensure that you have AWS CLI installed and configured with your AWS account credentials.
- Run the following command to create a trail with the required settings:
<trail-name> with a name for your trail and <bucket-name> with the name of the S3 bucket where you want to store your trail logs.- If you already have a trail created, you can update it to include global service events using the following command:
<trail-name> with the name of your existing trail.- Verify that your trail is recording both regional and global events by running the following command:
Using Python
Using Python
To remediate the misconfiguration “Trails Should Record Both Regional And Global Events” for AWS using Python, you can follow the below steps:Note: Replace “my-trail” with the name of your trail and “my-bucket” with the name of your S3 bucket. Also, modify the “EventSelectors” parameter to include all regions.
- Open the AWS Management Console and navigate to the CloudTrail service.
- Select the trail that needs to be updated and click on “Edit”.
- In the “Event selectors” section, click on “Add event selector”.
- In the “Create event selector” page, select “All events” under “Event selector type”.
- Select the regions for which you want to record events. You can select individual regions or select “All regions” to record events from all regions.
- Select “Global services” to record events from global services.
- Click on “Add event selector” to save the changes.
- To automate this process using Python, you can use the AWS SDK for Python (Boto3).
- Install Boto3 using the command “pip install boto3”.
- Write a Python script that uses the Boto3 library to update the CloudTrail trail.
- Use the “update_trail” method of the “cloudtrail” client to update the trail.
- Set the “IncludeGlobalServiceEvents” parameter to “True” to record events from global services.
- Set the “EventSelectors” parameter to include all regions.
- Save the script and run it to update the trail.