AWS Security Hub - CloudTrail trails without log file validation

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

This query finds CloudTrail trails with log file validation disabled using AWS Security Hub findings.

Attribute	Value
Type	Hunting Query
Solution	AWS Security Hub
ID	e40c3c7d-0b6d-4f2d-90a4-4d9d77c2e3f5
Tactics	DefenseEvasion
Techniques	T1070.004, T1562.001
Required Connectors	AWSSecurityHub
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Transformations	Ingestion API	Lake-Only
AWSSecurityHubFindings	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Hunting Queries · Back to AWS Security Hub