CloudTrail Deleted

This alert occurs when Lacework detects an AWS CloudTrail was deleted.

Why this Alert is Important

CloudTrail is one of the logging mechanisms to detect the activities happening in the AWS environment. Deleting the CloudTrail would delete the existing data and overall visibility across the environment.

Investigation

Search for unauthorized changes to the CloudTrail service on the AWS instance. Revert unauthorized changes. Review IAM permissions for individual accounts to see who has privileges to delete CloudTrail.

Resolution

Revert unauthorized changes made to CloudTrail.

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html

Why this Alert is Important​

Investigation​

Resolution​

Related Information​

Why this Alert is Important

Investigation

Resolution

Related Information