AWS Security Hub - Detect CloudTrail trails lacking KMS encryption



This query uses AWS Security Hub control CloudTrail.2 findings to detect AWS CloudTrail trails that are not configured to use server-side encryption with a customer managed KMS key. Unencrypted CloudTrail logs increase the risk of unauthorized access to sensitive audit data at rest.

| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | AWS Security Hub |
| ID | 9c2f6c3b-7fd8-4c5a-9d9d-3c4f9e6a7b21 |
| Severity | Medium |
| Status | Available |
| Kind | Scheduled |
| Tactics | Impact, DefenseEvasion |
| Techniques | T1565.001, T1562.008 |
| Required Connectors | AWSSecurityHub |
| Source | View on GitHub |

Tables Used

This content item queries data from the following tables:

Table Transformations Ingestion API Lake-Only
AWSSecurityHubFindings ?
