AWS - CloudTrail

From Cramsession
Revision as of 16:04, 9 February 2026 by Mflavell

CloudTrail should be configured to capture every API call.

CloudTrail may be the first target of a bad actor:

    • Disabling CloudTrail is often a top priority of bad actors to "cover their tracks".
    • The best way to prevent manipulation of log files is through the use of an SCP (Service Control Policy).
      • The SCP can be pushed down from the top if multiple accounts are involved.


Another method is to stop the ability to turn off CloudTrail:

    • This is done by choosing YES to "Enable log file validation" when you create or update a CloudTrail trail.
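
An added example, not part of the original page: a small Python check that reads an SCP document and reports which CloudTrail tampering actions it leaves without an unconditional Deny. The two sample policies, their Sid values and the function name `unprotected_actions` are constructed for illustration; the action names are real CloudTrail IAM actions.

```python
import fnmatch
import json

# CloudTrail actions that stop, remove or weaken a trail. UpdateTrail is
# included because it can switch log file validation off again.
TAMPER_ACTIONS = ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                  "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"]

# Constructed sample policies (illustrative, not from the page).
WEAK_SCP = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "DenyStopOnly", "Effect": "Deny",
                 "Action": "cloudtrail:StopLogging", "Resource": "*"}]
}""")
HARDENED_SCP = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "ProtectCloudTrail", "Effect": "Deny",
                 "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                            "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"],
                 "Resource": "*"}]
}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unprotected_actions(scp):
    """Return the tamper actions not covered by an unconditional Deny on all resources."""
    denied = set()
    for stmt in _as_list(scp.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or "Action" not in stmt:
            continue
        # A Deny with a Condition or a narrowed Resource only applies some of
        # the time, so it is conservatively not counted as protection.
        if "Condition" in stmt or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        for action in TAMPER_ACTIONS:
            # IAM action names are case-insensitive and allow * and ? wildcards.
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                denied.add(action)
    return [a for a in TAMPER_ACTIONS if a not in denied]


if __name__ == "__main__":
    for name, scp in (("weak", WEAK_SCP), ("hardened", HARDENED_SCP)):
        print(name, "leaves unprotected:", unprotected_actions(scp) or "nothing")
```

An SCP that exempts a break-glass role through a Condition will be reported as unprotected by this check, so review such statements by hand.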