CloudTrail Changed
This alert occurs when Lacework detects an AWS CloudTrail change.
Why this Alert is Important
CloudTrail is one of the important logging sources available in AWS. CloudTrail changes can significantly impact the logs received. Any unauthorized change to CloudTrail can limit the logging capability across the AWS account, thus limiting the visibility across AWS instances.
Investigation
Search for unauthorized changes to the CloudTrail service on the AWS instance. Revert unauthorized changes.
Resolution
Revert unauthorized changes made to CloudTrail.
Related Information
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html