Caligo Security
CloudTrail

Caligo provides the following security rules for AWS CloudTrail:

  • CloudTrail trails’ S3 logging buckets should have access logging enabled

  • S3 buckets with CloudTrail logs should not be publicly accessible

  • CloudTrail trails should be delivered to CloudWatch

  • Each account should have CloudTrail enabled across all regions

  • CloudTrail trails should have log file validation enabled

  • S3 bucket object-level read events logging should be enabled in CloudTrail

  • S3 bucket object-level write events logging should be enabled in CloudTrail

  • CloudTrail trails should have at-rest encryption enabled


Last updated 1 year ago