Skip to main content

More Info:

Your trails should have file integrity validation feature enabled in order to check the log files and detect whether these were modified or deleted after CloudTrail agent delivered them to the S3 bucket.

Risk Level

Medium

Address

Security

Compliance Standards

HIPAA, CISAWS, CBP, SOC2, NIST, GDPR

Triage and Remediation

  • Remediation

Remediation

Using Console

To remediate the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” for AWS using AWS console, follow these steps:
  1. Login to the AWS Management Console.
  2. Go to the CloudTrail service.
  3. Select the trail for which you want to enable file integrity validation.
  4. Click on the “Edit” button in the “Trail details” section.
  5. In the “Advanced” section, enable the “Enable log file integrity validation” option.
  6. Click on the “Save” button to save the changes.
Once you have enabled file integrity validation for the CloudTrail trail, it will start validating the integrity of log files to ensure that they have not been tampered with. This will help you maintain the integrity and security of your CloudTrail logs.

To remediate the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” for AWS using AWS CLI, follow the steps below:
  1. Open the AWS CLI on your local machine.
  2. Run the following command to enable the file integrity validation feature for trails: 
aws cloudtrail update-trail --name <trail-name> --enable-log-file-validation
Make sure to replace <trail-name> with the name of the trail you want to enable the feature for.
  1. Verify that the file integrity validation feature has been enabled by running the following command:
aws cloudtrail describe-trails --trail-name-list <trail-name>
This will return a JSON object that includes the configuration settings for the specified trail. Look for the LogFileValidationEnabled property and make sure it is set to true.
  1. Repeat these steps for any other trails that need the file integrity validation feature enabled.
By following these steps, you will have successfully remediated the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” for AWS using AWS CLI.
To remediate the misconfiguration “File Integrity Validation Feature Should Be Enabled For Trails” in AWS, you can follow these steps using Python:
  1. Import the required AWS SDK libraries:
import boto3
from botocore.exceptions import ClientError
  1. Create an AWS CloudTrail client object:
cloudtrail = boto3.client('cloudtrail')
  1. Get a list of all the existing trails:
try:
    response = cloudtrail.describe_trails()
    trails = response['trailList']
except ClientError as e:
    print("Error:", e)
  1. For each trail, check if the “LogFileValidationEnabled” parameter is set to true:
for trail in trails:
    trail_name = trail['Name']
    try:
        response = cloudtrail.get_trail_status(Name=trail_name)
        log_file_validation_enabled = response['IsLogFileValidationEnabled']
    except ClientError as e:
        print("Error:", e)
    
    if not log_file_validation_enabled:
        # Enable file integrity validation for the trail
        try:
            cloudtrail.update_trail(Name=trail_name, EnableLogFileValidation=True)
            print("Enabled file integrity validation for trail:", trail_name)
        except ClientError as e:
            print("Error:", e)
  1. The script will loop through all the trails and enable file integrity validation for any trail where it is not already enabled.
Note: Before running this script, make sure you have the necessary AWS credentials configured on your machine.

Additional Reading:

I