Skip to main content

CloudTrail Changed

This alert occurs when Lacework detects an AWS CloudTrail change.

Why this Alert is Important

CloudTrail is one of the important logging sources available in AWS. CloudTrail changes can significantly impact the logs received. Any unauthorized change to CloudTrail can limit the logging capability across the AWS account, thus limiting the visibility across AWS instances.

Investigation

Search for unauthorized changes to the CloudTrail service on the AWS instance. Revert unauthorized changes.

Resolution

Revert unauthorized changes made to CloudTrail.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html