CloudTrail Trail Insights Exist

Overview

CloudTrail Insights provides a powerful way to search and analyze CloudTrail log data using pre-built queries and machine learning algorithms. This can help you to identify potential security threats and suspicious activity in near real-time, such as unauthorized access attempts, policy changes, or resource modifications.

This check ensures that CloudTrail has insight selectors configured and is logging. CloudTrail with insight selectors also provides additional event analysis and management.

Vendor

AWS

Cloud Service

CloudTrail

References

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-events-with-cloudtrail.html, https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-insights-event-selector.html, https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html#cloudtrail-creating-trail-organization-insights

Severity

1

Item Types

AWS::CloudTrail::Trail