New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Plugin] Check for Symptoms of CloudTrail Tampering #21

Open

andrewkrug opened this issue Nov 13, 2016 · 1 comment

Labels

enhancement help wanted

Member

andrewkrug commented Nov 13, 2016

Look for new KMS keys
Check KMS key bypass-policy-lockout-safety-check flag
Attempt to generate and then read a CloudTrail event to validate everything is working.

andrewkrug added the enhancement label

Member Author

andrewkrug commented Jun 4, 2017

This is a perfect fit for the plugin model. Someone could easily write this in our plugin pattern to query cloudtrail for this info.

andrewkrug closed this as completed

andrewkrug reopened this

andrewkrug added the help wanted label

andrewkrug changed the title ~~Check for Symptoms of CloudTrail Tampering~~ [Plugin] Check for Symptoms of CloudTrail Tampering

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment