TF 0048 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
CloudTrail log validation should be enabled to prevent tampering of log data
Property | Value |
---|---|
Language | |
Severity | |
Service | cloudtrail |
Provider | AWS |
Vulnerability Type | omission |
Description
CloudTrail trails are configured without log file validation, which means there is no mechanism to detect if log files stored in S3 have been tampered with or altered. This makes it possible for malicious changes to go unnoticed.
Impact
If CloudTrail logs are modified by an attacker, evidence of unauthorized or malicious activity can be removed or altered, undermining audit trails and making incident response and forensic investigations unreliable.
Resolution
Turn on log file validation for CloudTrail.
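
The omission and its fix in Terraform, as an added example that is not part of the original rule page. The resource names, trail names and bucket name are placeholders, and the bucket is assumed to exist with a policy that lets CloudTrail write to it:

```hcl
# Added example: all names below are placeholders.

# Flagged: enable_log_file_validation is omitted and defaults to false,
# so CloudTrail delivers no digest files and a modified or deleted log
# object in S3 cannot be detected afterwards.
resource "aws_cloudtrail" "bad_example" {
  name           = "example-trail"
  s3_bucket_name = "example-cloudtrail-logs" # placeholder bucket
}

# Compliant: with validation enabled, CloudTrail writes signed digest
# files containing the hash of each delivered log file, which lets
# an investigator confirm the logs are unchanged since delivery.
resource "aws_cloudtrail" "good_example" {
  name                       = "example-trail-validated"
  s3_bucket_name             = "example-cloudtrail-logs" # placeholder bucket
  enable_log_file_validation = true
}
```

Once the setting is applied, `aws cloudtrail validate-logs --trail-arn <trail-arn> --start-time <timestamp>` checks the delivered log files against the digest files and reports any that were modified or removed.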