    Misconfigurations

    CloudTrail

    ZeusCloud provides the following security rules for AWS CloudTrail:

    • CloudTrail trails’ S3 logging buckets should have access logging enabled
    • S3 buckets with CloudTrail logs should not be publicly accessible
    • CloudTrail trails should be delivered to CloudWatch
    • Each account should have CloudTrail enabled across all regions
    • CloudTrail trails should have log file validation enabled
    • S3 bucket object-level read events logging should be enabled in CloudTrail
    • S3 bucket object-level write events logging should be enabled in CloudTrail
    • CloudTrail trails should have at rest encryption enabled