AWSCloudTrail.yaml
version: 1
ATT&CK version: 9
creation date: 08/02/2021
name: AWS CloudTrail
contact: [email protected]
organization: Center for Threat Informed Defense (CTID)
platform: AWS
tags:
- Not Mappable
description: >-
  AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and
  risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded
  as events in CloudTrail.
techniques: []
comments: >-
  This control is not mappable because it does not provide any detection of malicious techniques. It
  primarily provides a way to log and record events within AWS which then can be piped to other
  security controls to determine if malicious activity has occurred.
references:
- 'https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html'