TF 0335 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
You should enable bucket access logging on the CloudTrail S3 bucket.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | cloudtrail |
| Provider | AWS |
Description
The S3 bucket that CloudTrail delivers its log files to does not have server access logging enabled. Server access logging records every request made against the bucket (the requester, the operation, the object key, the time and the response code), so without it there is no independent record of who read, overwrote or deleted CloudTrail log files in the bucket.
Impact
Without access logging, unauthorized or suspicious access to the CloudTrail log files can go undetected. An attacker who gains write access to the bucket can delete or alter the audit logs that record their activity, and investigators are left with no trace of the tampering, which hinders forensic investigation and incident response.
Resolution
Enable server access logging on the CloudTrail bucket and deliver the access logs to a separate bucket: logging a bucket to itself mixes the access records with the data they describe and generates log records for its own log deliveries. The target bucket needs a policy that allows the S3 log delivery service principal (`logging.s3.amazonaws.com`) to write objects into it. In Terraform, use the `aws_s3_bucket_logging` resource (the inline `logging` block on `aws_s3_bucket` is deprecated in AWS provider v4 and later).
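The following Terraform configuration is an added example, not code from the wiki or from the Symbiotic project. It shows the failing shape (a CloudTrail bucket with no `aws_s3_bucket_logging` resource) next to the passing shape (logging delivered to a separate bucket with the required delivery policy). Bucket names, the account ID and the region are placeholders; the `aws_cloudtrail` resource and its own delivery bucket policy are left out, and the check applies to whichever bucket that resource references through `s3_bucket_name`.

```hcl
# Added example (not the wiki's own code). All names and IDs are placeholders.
provider "aws" {
  region = "us-east-1"
}

# Bucket that CloudTrail writes its log files to. This is the bucket the check inspects:
# referenced by aws_cloudtrail.<name>.s3_bucket_name (trail resource omitted here).
resource "aws_s3_bucket" "trail" {
  bucket = "example-cloudtrail-logs" # placeholder
}

# FAILS the check: aws_s3_bucket.trail exists above with no aws_s3_bucket_logging
# resource (and no legacy inline `logging` block) pointing at it.

# Separate bucket that receives the server access logs. Keep it distinct from the
# trail bucket so access records are not mixed with the log files they describe.
resource "aws_s3_bucket" "trail_access_logs" {
  bucket = "example-cloudtrail-access-logs" # placeholder
}

# The S3 log delivery service principal must be allowed to put objects into the
# target bucket. The SourceArn/SourceAccount conditions restrict delivery to logs
# originating from our trail bucket in our own account.
data "aws_iam_policy_document" "log_delivery" {
  statement {
    sid     = "S3ServerAccessLogsPolicy"
    effect  = "Allow"
    actions = ["s3:PutObject"]

    principals {
      type        = "Service"
      identifiers = ["logging.s3.amazonaws.com"]
    }

    resources = ["${aws_s3_bucket.trail_access_logs.arn}/*"]

    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = [aws_s3_bucket.trail.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = ["123456789012"] # placeholder account ID
    }
  }
}

resource "aws_s3_bucket_policy" "trail_access_logs" {
  bucket = aws_s3_bucket.trail_access_logs.id
  policy = data.aws_iam_policy_document.log_delivery.json
}

# PASSES the check: server access logging enabled on the trail bucket, delivered to
# the separate target bucket under a prefix.
resource "aws_s3_bucket_logging" "trail" {
  bucket        = aws_s3_bucket.trail.id
  target_bucket = aws_s3_bucket.trail_access_logs.id
  target_prefix = "s3-access/"

  depends_on = [aws_s3_bucket_policy.trail_access_logs]
}
```

To verify the deployed state, `aws s3api get-bucket-logging --bucket example-cloudtrail-logs` returns a `LoggingEnabled` object naming the target bucket and prefix; it returns nothing when logging is off. Two practical caveats: S3 server access logs are delivered on a best-effort basis with a delay of up to a few hours, so they complement rather than replace CloudTrail log file validation and restrictive bucket policies, and the target bucket itself should be locked down just as tightly, since it now holds the record of who touched the trail.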