File Integrity Validation Feature Should Be Enabled For Trails

More Info:

Your trails should have file integrity validation feature enabled in order to check the log files and detect whether these were modified or deleted after CloudTrail agent delivered them to the S3 bucket.

Risk Level

Medium

Address

Security

Compliance Standards

HIPAA, CISAWS, CBP, SOC2, NIST, GDPR

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” for AWS using AWS CLI, follow the steps below:

Open the AWS CLI on your local machine.
Run the following command to enable the file integrity validation feature for trails:

aws cloudtrail update-trail --name <trail-name> --enable-log-file-validation

Make sure to replace <trail-name> with the name of the trail you want to enable the feature for.

Verify that the file integrity validation feature has been enabled by running the following command:

aws cloudtrail describe-trails --trail-name-list <trail-name>

This will return a JSON object that includes the configuration settings for the specified trail. Look for the LogFileValidationEnabled property and make sure it is set to true.

Repeat these steps for any other trails that need the file integrity validation feature enabled.

By following these steps, you will have successfully remediated the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” for AWS using AWS CLI.

Using Python

To remediate the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” in AWS, you can follow these steps using Python:

Import the required AWS SDK libraries:

import boto3
from botocore.exceptions import ClientError

Create an AWS CloudTrail client object:

cloudtrail = boto3.client('cloudtrail')

Get a list of all the existing trails:

try:
    response = cloudtrail.describe_trails()
    trails = response['trailList']
except ClientError as e:
    print("Error:", e)

For each trail, check if the “LogFileValidationEnabled” parameter is set to true:

for trail in trails:
    trail_name = trail['Name']
    try:
        response = cloudtrail.get_trail_status(Name=trail_name)
        log_file_validation_enabled = response['IsLogFileValidationEnabled']
    except ClientError as e:
        print("Error:", e)
    
    if not log_file_validation_enabled:
        # Enable file integrity validation for the trail
        try:
            cloudtrail.update_trail(Name=trail_name, EnableLogFileValidation=True)
            print("Enabled file integrity validation for trail:", trail_name)
        except ClientError as e:
            print("Error:", e)

The script will loop through all the trails and enable file integrity validation for any trail where it is not already enabled.

Note: Before running this script, make sure you have the necessary AWS credentials configured on your machine.

Additional Reading:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-enabling.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

File Integrity Validation Feature Should Be Enabled For Trails

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: