💼 [CloudTrail.5] CloudTrail trails should be integrated with Amazon CloudWatch Logs
- ID:
/frameworks/aws-fsbp-v1.0.0/cloudtrail/05
Description
CloudTrail records AWS API calls that are made in a given account. The recorded
information includes the following:
- The identity of the API caller
- The time of the API call
- The source IP address of the API caller
- The request parameters
- The response elements returned by the AWS service
CloudTrail uses Amazon S3 for log file storage and delivery. You can capture
CloudTrail logs in a specified S3 bucket for long-term analysis. To perform real-time
analysis, you can configure CloudTrail to send logs to CloudWatch Logs.
For a trail that is enabled in all Regions in an account, CloudTrail sends log
files from all of those Regions to a CloudWatch Logs log group.
Similar
- AWS Security Hub
- Internal
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-2(4) Account Management _ Automated Audit Actions | | 14 | 22 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-4(26) Information Flow Enforcement _ Audit Filtering Actions | | | 18 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-6(9) Least Privilege _ Log Use of Privileged Functions | | 17 | 25 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging | 4 | | 27 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-3 Content of Audit Records | 3 | 13 | 38 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration | | 1 | 5 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories | | | 17 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis | | | 17 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records | | | 4 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-7(1) Audit Record Reduction and Report Generation _ Automatic Processing | | 1 | 3 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-10 Non-repudiation | 5 | | 16 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation | 4 | 47 | 74 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring | 6 | | 28 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic | | | 35 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-3(8) Malicious Code Protection _ Detect Unauthorized Commands | | | 13 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-4(5) System Monitoring _ System-generated Alerts | | | 4 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-4(20) System Monitoring _ Privileged Users | | | 12 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events | | | 17 | | no data |
| 💼 NIST SP 800-53 Revision 5 → 💼 SI-20 Tainting | | | 4 | | no data |
| 💼 PCI DSS v3.2.1 → 💼 10.5.3 Promptly back up audit trail files to a centralized log server or media that is difficult to alter. | | | 3 | | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)