Administration Guide

CloudTrail Deleted

This alert occurs when Lacework FortiCNAPP detects that an AWS CloudTrail was deleted.

Why this alert is important

CloudTrail is one of the logging mechanisms used to detect activity in the AWS environment. Deleting the CloudTrail would delete the existing data and remove overall visibility across the environment.

Investigation

Search for unauthorized changes to the CloudTrail service on the AWS instance. Revert unauthorized changes. Review IAM permissions for individual accounts to see who has privileges to delete CloudTrail.
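
One way to carry out the IAM review described above, as an added example that is not part of the original guide and not Fortinet or AWS code: it scans the identity policy documents attached to each principal and lists those that allow `cloudtrail:DeleteTrail`, including through wildcards and `NotAction`. The principal names and policies are constructed sample data; the check ignores SCPs, permission boundaries and resource scoping, and treats only an unconditional Deny on all resources as overriding, so it errs toward over-reporting.

```python
import fnmatch

TARGET = "cloudtrail:DeleteTrail"

def _as_list(value):
    # IAM accepts either a single string/object or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _covers(stmt, action):
    # Action names are case-insensitive and may contain * and ? wildcards.
    def hit(patterns):
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    if "NotAction" in stmt:
        return not hit(_as_list(stmt["NotAction"]))
    return hit(_as_list(stmt.get("Action")))

def _blanket_deny(stmt):
    # Only an unconditional deny on all resources is treated as overriding.
    return (stmt.get("Effect") == "Deny" and "Condition" not in stmt
            and "*" in _as_list(stmt.get("Resource")))

def can_delete_trail(policy_docs, action=TARGET):
    stmts = [s for d in policy_docs for s in _as_list(d.get("Statement"))
             if _covers(s, action)]
    if any(_blanket_deny(s) for s in stmts):
        return False
    return any(s.get("Effect") == "Allow" for s in stmts)

def who_can_delete(principals):
    return sorted(n for n, docs in principals.items() if can_delete_trail(docs))

# Constructed sample data: principal name -> attached policy documents.
SAMPLE = {
    "admin-role": [{"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}],
    "ops-user": [{"Statement": {"Effect": "Allow", "Action": ["cloudtrail:Delete*"], "Resource": "*"}}],
    "audit-role": [
        {"Statement": [{"Effect": "Allow", "Action": "cloudtrail:*", "Resource": "*"}]},
        {"Statement": [{"Effect": "Deny", "Action": "CloudTrail:deletetrail", "Resource": "*"}]},
    ],
    "reader": [{"Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "cloudtrail:Describe*"], "Resource": "*"}]}],
    "dev-role": [{"Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}],
}

if __name__ == "__main__":
    print(who_can_delete(SAMPLE))
```

Principals that reach the permission only through `Action: "*"` or a `NotAction` allow are the ones a search for the literal string `DeleteTrail` would miss.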

Resolution

Revert unauthorized changes made to CloudTrail.

Related Information

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
