TF 0360 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
CloudTrail logs should be stored in S3 and also sent to CloudWatch Logs
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | cloudtrail |
| Provider | AWS |
Description
CloudTrail is configured to store logs only in S3 and does not send them to CloudWatch Logs, preventing real-time monitoring and analysis of AWS API activity. This limits the ability to detect and respond quickly to suspicious actions.
Impact
Without integration with CloudWatch Logs, security teams cannot perform real-time alerting or automated responses to critical AWS events. This delay in detection increases the risk of unnoticed unauthorized activities or misconfigurations, potentially leading to security breaches or data loss.
Resolution
Enable CloudTrail log delivery to CloudWatch Logs.
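The flagged and corrected configurations side by side, as an added example that is not part of the rule's own documentation. It assumes the rule applies to Terraform's `aws_cloudtrail` resource; all resource names and the bucket name are constructed placeholders, and the S3 bucket is assumed to already exist with a bucket policy that allows CloudTrail to write to it.

```hcl
# Added example; resource names and the bucket name are constructed placeholders.

# Flagged: the trail delivers logs to S3 only.
resource "aws_cloudtrail" "s3_only" {
  name           = "example-trail-s3-only"
  s3_bucket_name = "example-cloudtrail-bucket" # assumed to exist already
}

# Corrected: same S3 delivery, plus delivery to a CloudWatch Logs group.
resource "aws_cloudwatch_log_group" "trail" {
  name              = "example-cloudtrail-logs"
  retention_in_days = 90
}

# Role that CloudTrail assumes to write into the log group.
resource "aws_iam_role" "trail_to_cwl" {
  name = "example-cloudtrail-to-cloudwatch"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "cloudtrail.amazonaws.com" }
    }]
  })
}

# Least privilege: only stream creation and event writes, only on this group.
resource "aws_iam_role_policy" "trail_to_cwl" {
  name = "write-trail-events"
  role = aws_iam_role.trail_to_cwl.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents"]
      Resource = "${aws_cloudwatch_log_group.trail.arn}:*"
    }]
  })
}

resource "aws_cloudtrail" "s3_and_cloudwatch" {
  name                       = "example-trail"
  s3_bucket_name             = "example-cloudtrail-bucket"
  cloud_watch_logs_group_arn = "${aws_cloudwatch_log_group.trail.arn}:*" # ":*" suffix is required
  cloud_watch_logs_role_arn  = aws_iam_role.trail_to_cwl.arn
  depends_on                 = [aws_iam_role_policy.trail_to_cwl]
}
```

Delivery alone does not alert on anything; the real-time alerting described under Impact comes from metric filters and alarms defined on the log group.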