Cloudtrail Alter Encryption Configuration (aws)
Platform | Author | Last Update |
---|---|---|
aws | Nick Jones | 2024-12-02 |
Alter cloudtrail encryption configuration such that log ingestion can no longer read logs
MITRE IDs
Required Permissions
- cloudtrail:UpdateTrail
Required Parameters
Name | Type | Description | Example Value |
---|---|---|---|
trailname | str | Name of the cloudtrail to be targeted | example-cloudtrail |
kmskeyid | str | KMS key ID to use, supply an empty string to disable encryption |
Attacker Action
Detection Case
ELK query
When logs are ingested into ELK, the following Lucene query can be used to identify relevant events.