Ensure CloudTrail Log File Validation is Enabled in AWS
This automation checks whether log file integrity validation is enabled on a CloudTrail trail. CloudTrail log file validation creates a digitally signed digest file that contains a hash of each log that CloudTrail writes to Amazon S3. You can use these digest files to determine whether a log file was changed, deleted, or unchanged after CloudTrail delivered the log. The results are sent via email.
Breakdown
  1. Ensure CloudTrail Log File Validation is Enabled.
  2. Send results via Email. This result step can be changed from Email to Slack, Microsoft Teams or Discord.
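
How a digest file distinguishes changed, deleted and unchanged logs, as an added example that is not part of the original automation. It compares only the per-file SHA-256 hashes and does not verify the digest's signature; field names follow the digest file structure documented by AWS, and the bucket name, object keys and log bodies are constructed.

```python
import hashlib
import hmac


def classify_logs(digest, delivered):
    """Compare log objects found in S3 against one CloudTrail digest file.

    digest:    parsed digest JSON (dict with a "logFiles" list)
    delivered: {s3Object key: uncompressed log bytes} currently in the bucket
    Returns {s3Object key: "unchanged" | "changed" | "deleted"}.
    """
    results = {}
    for entry in digest["logFiles"]:
        if entry["hashAlgorithm"] != "SHA-256":
            raise ValueError("unexpected hash algorithm: " + entry["hashAlgorithm"])
        key = entry["s3Object"]
        body = delivered.get(key)
        if body is None:
            # Listed in the digest but no longer present in the bucket.
            results[key] = "deleted"
            continue
        actual = hashlib.sha256(body).hexdigest()
        same = hmac.compare_digest(actual, entry["hashValue"].lower())
        results[key] = "unchanged" if same else "changed"
    return results


# Constructed sample data: three logs as originally delivered.
_ORIGINAL = {
    "logs/a.json": b'{"Records":[{"eventName":"ConsoleLogin"}]}',
    "logs/b.json": b'{"Records":[{"eventName":"DeleteTrail"}]}',
    "logs/c.json": b'{"Records":[{"eventName":"PutObject"}]}',
}
# Constructed digest covering those three logs.
SAMPLE_DIGEST = {
    "logFiles": [
        {"s3Bucket": "example-bucket", "s3Object": key,
         "hashValue": hashlib.sha256(body).hexdigest(), "hashAlgorithm": "SHA-256"}
        for key, body in _ORIGINAL.items()
    ]
}
# Bucket state afterwards: a.json intact, b.json edited, c.json removed.
SAMPLE_DELIVERED = {
    "logs/a.json": _ORIGINAL["logs/a.json"],
    "logs/b.json": b'{"Records":[]}',
}

if __name__ == "__main__":
    for key, status in classify_logs(SAMPLE_DIGEST, SAMPLE_DELIVERED).items():
        print(key, status)
```

None of this is possible for a trail where validation is disabled, because no digest files are written for it.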