Skip to main content

Prisma Cloud Remediation - AWS CloudTrail is not Enabled on the Account

This Playbook is part of the Prisma Cloud Pack.#

Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. To remediate Prisma Cloud Alert "CloudTrail is not enabled on the account", this playbook creates a S3 bucket to host Cloudtrail logs and enable Cloudtrail (includes all region events and global service events).

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • Builtin

Scripts#

This playbook does not use any scripts.

Commands#

  • aws-s3-put-bucket-policy
  • aws-cloudtrail-start-logging
  • aws-cloudtrail-create-trail
  • aws-s3-create-bucket
  • closeInvestigation

Playbook Inputs#


NameDescriptionDefault ValueRequired
AutoEnableCloudTrailThe following resources will be created, S3 bucket cloudtrail-<account_id>, and Cloudtrail cloudtrail-<account_id>. Type "Yes" to auto-enable CloudTrail.NoOptional
CloudTrailRegionS3 bucket and (global) Cloudtrail will be created on this regionus-west-2Optional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


PrismaCloudRemediation_AWSCloudTrailIsNotEnabledOnTheAccount