CloudTrails Must Log Management Events
More Info:
All your AWS CloudTrail trails should be configured to log Management events in order to record important operations such as EC2 RunInstances, DescribeInstances, TerminateInstances and Console Login.Risk Level
MediumAddress
SecurityCompliance Standards
SOC2, NIST, GDPR, HIPAA, ISO27001, AWSWAFTriage and Remediation
Remediation
Using Console
Using Console
Sure, here are the step-by-step instructions to remediate the “CloudTrails Must Log Management Events” misconfiguration for AWS:
- Open the AWS Management Console and navigate to the CloudTrail service.
- Click on the Trails option in the left-hand menu.
- Select the trail that you want to modify and click on the Edit button.
- Scroll down to the Management events section.
- Enable the Log management events toggle switch.
- Choose the S3 bucket where you want to store the logs.
- Select the SNS topic (optional) to receive notifications.
- Click on the Save button to save the changes.
Using CLI
Using CLI
To remediate the “CloudTrails Must Log Management Events” misconfiguration in AWS using AWS CLI, follow the below steps:Replace Replace This command will return a list of events related to creating a trail, which confirms that management events are being logged.By following these steps, you will successfully remediate the “CloudTrails Must Log Management Events” misconfiguration in AWS using AWS CLI.
- Open the AWS CLI on your local machine or EC2 instance.
- Run the following command to check if CloudTrail is enabled:
- If CloudTrail is not enabled, run the following command to create a new trail:
<trail-name> with the name of the trail you want to create and <bucket-name> with the name of the S3 bucket where you want to store your CloudTrail logs.- If CloudTrail is already enabled, run the following command to update the trail to log management events:
<trail-name> with the name of the trail you want to update.- Verify that management events are being logged by running the following command:
Using Python
Using Python
To remediate the “CloudTrails must log management events” misconfiguration in AWS, you can use the following Python code:Replace This code will check if management events are being logged in your CloudTrail trail. If they are not being logged, it will update the trail configuration to include management events and start logging them.Note: Make sure that you have appropriate permissions to create and update CloudTrail trails and to start and stop logging.
- First, you need to enable CloudTrail in your AWS account if it is not already enabled. You can do this by using the following Python code:
my-trail with the name of your CloudTrail trail and my-bucket with the name of your S3 bucket where you want to store the logs.- Once you have enabled CloudTrail, you need to ensure that it is logging management events. You can do this by using the following Python code: