Updating AWS AVDID to: AVD-AWS-0344

aquasecurity · Sep 18, 2023 · eabb8e3 · eabb8e3
1 parent 9af2341
commit eabb8e3
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 1 deletion.
diff --git a/...cloudtrail/AVD-AWS-0343/CloudFormation.md → ...cloudtrail/AVD-AWS-0344/CloudFormation.md b/...cloudtrail/AVD-AWS-0343/CloudFormation.md → ...cloudtrail/AVD-AWS-0344/CloudFormation.md
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0344/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0344/Terraform.md
@@ -0,0 +1,14 @@
+
+Enable include global service events for Cloudtrail
+
+```hcl
+ resource "aws_cloudtrail" "good_example" {
+   include_global_service_events = true
+   s3_bucket_name = "abcdefgh"
+ }
+ 
+```
+
+#### Remediation Links
+ - https://registry.terraform.io/providers/rgeraskin/aws2/latest/docs/resources/cloudtrail#include_global_service_events
+
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0344/docs.md b/avd_docs/aws/cloudtrail/AVD-AWS-0344/docs.md
@@ -0,0 +1,13 @@
+
+Include Global Service Events is a default value for Cloudtrail and it publishes events from global services that are not region specific such as IAM, STS and CloudFront. It is feasible that a rogue actor compromising an AWS account might want to disable this field to remove trace of their actions.
+
+### Impact
+Events from global services such as IAM are not being published to the log files
+
+<!-- DO NOT CHANGE -->
+{{ remediationActions }}
+
+### Links
+- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-concepts.html#cloudtrail-concepts-global-service-events
+
+
diff --git a/rules/cloud/policies/aws/cloudtrail/include_global_service_events.go b/rules/cloud/policies/aws/cloudtrail/include_global_service_events.go
@@ -10,7 +10,7 @@ import (
 
 var checkIncludeGlobalServiceEvents = rules.Register(
 	scan.Rule{
-		AVDID:       "AVD-AWS-0343",
+		AVDID:       "AVD-AWS-0344",
 		Provider:    providers.AWSProvider,
 		Service:     "cloudtrail",
 		ShortCode:   "include-global-service-events",