How to resolve Sprinto check for enabling log file integrity validation on AWS CloudTrail

About:

Sprinto check: CloudTrail trails have log file integrity validation enabled

This Sprinto check verifies that log file integrity validation is enabled for your AWS CloudTrail trails. AWS CloudTrail is a service that records AWS API calls and related events, providing a comprehensive audit trail for your AWS account.

Purpose:

The purpose of this check is to ensure that the log files generated by CloudTrail are protected against tampering or modification. By enabling log file integrity validation, CloudTrail creates hash values for each log file and stores them alongside the logs. These hash values can be used to verify the integrity of the log files, ensuring that they have not been altered or tampered with.

How to fix this check:

Follow the below steps to resolve this check:

Before you begin

• Ensure you have administrator privileges on the AWS account to manage AWS CloudTrail configurations.

Enabling Log File Integrity Validation

1. Log in to AWS Console using your credentials.

2. Navigate to the AWS CloudTrails service.

3. Click on Trails from the left-side navigation bar.

   
4. Select the trail from the resource list for which you wish to enable the trail log validation.

5. Click Edit from the General Settings.

   
6. Ensure the Log file validation under the Additional settings is enabled. If it is disabled, enable it.

   
7. Click Save Changes to apply the configuration.

Once the configuration is updated, Sprinto retrieves the applied changes and sets the check’s status to “Passing.”

Contact Sprinto support if you have any queries related to the check or need any assistance.