Skip to main content

πŸ’Ό [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs

  • Contextual name: πŸ’Ό [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs

  • ID: /frameworks/aws-fsbp-v1.0.0/cloudtrail/05

  • Located in: πŸ’Ό CloudTrail

Description​

CloudTrail records AWS API calls that are made in a given account. The recorded information includes the following:

  • The identity of the API caller
  • The time of the API call
  • The source IP address of the API caller
  • The request parameters
  • The response elements returned by the AWS service

CloudTrail uses Amazon S3 for log file storage and delivery. You can capture CloudTrail logs in a specified S3 bucket for long-term analysis. To perform real-time analysis, you can configure CloudTrail to send logs to CloudWatch Logs.

For a trail that is enabled in all Regions in an account, CloudTrail sends log files from all of those Regions to a CloudWatch Logs log group.

Similar​

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-2(4) Account Management _ Automated Audit Actions1113
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4(26) Information Flow Enforcement _ Audit Filtering Actions7
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-6(9) Least Privilege _ Log Use of Privileged Functions1516
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-2 Event Logging46
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-3 Content of Audit Records31320
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration11
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories6
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis6
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-7(1) Audit Record Reduction and Report Generation _ Automatic Processing11
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-10 Non-repudiation55
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-12 Audit Record Generation44547
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-7 Continuous Monitoring68
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic7
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-3(8) Malicious Code Protection _ Detect Unauthorized Commands3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-4(5) System Monitoring _ System-generated Alerts
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-4(20) System Monitoring _ Privileged Users3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events6
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-20 Tainting
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter.

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags