This rule checks that at least one enabled trail is present in a region.
Rule | At least one enabled trail should be present in a region
Framework | RBI Cyber Security Framework
Severity | Low
Rule Description:
The RBI (Reserve Bank of India) Cyber Security Framework requires that at least one enabled trail should be present in a specific region. This rule is implemented to enhance the monitoring and logging capabilities of an organization and ensure compliance with the RBI's cybersecurity guidelines.
Troubleshooting Steps:
If your organization is not currently meeting this requirement, you can follow these troubleshooting steps to resolve the issue:
Check for existing trails: Run a command or use the service console to check if any trails are currently enabled in the designated region. If there are no trails present, this is likely the cause of non-compliance.
Enable a trail: If no trail is enabled in the designated region, you need to create and enable one. You can do this either through the command-line interface (CLI) or the management console, depending on the logging service you are using.
Verify trail configuration: Ensure that the trail configuration meets the RBI Cyber Security Framework requirements. This includes log file retention, log source coverage, and log delivery to a secure and centralized location.
Test trail functionality: Once the trail is enabled, verify that it is collecting the necessary logs and delivering them to the intended destination. You can test by generating some sample log events and validating their presence in the trail.
Monitor and maintain trails: Regularly monitor the trails to ensure they remain active and are not experiencing any issues. Implement a proactive approach to trail maintenance, such as configuring alerts for any disruptions or errors in log ingestion.
Necessary Codes:
The exact commands depend on the logging service you are using. Here are a couple of examples:
AWS CloudTrail:
To create a trail and turn logging on in AWS CloudTrail using the AWS CLI, run the following commands. Note that create-trail only creates the trail; logging is off until start-logging is run, and only a trail that is logging counts as enabled for this rule:
aws cloudtrail create-trail --name <trail-name> --s3-bucket-name <bucket-name> --region <region> --enable-log-file-validation
aws cloudtrail start-logging --name <trail-name> --region <region>
Replace <trail-name> with a suitable name for your trail, <bucket-name> with the name of the S3 bucket where the logs will be stored, and <region> with the designated region specified by RBI.
Azure Log Analytics:
Azure has no CloudTrail-style trail object; the equivalent is a diagnostic setting that routes audit logs to a Log Analytics workspace. To create one with the Azure CLI, use the following command:
az monitor diagnostic-settings create --name <settings-name> --resource <resource-id> --logs '[{"category": "AuditLogs", "enabled": true}]' --workspace <workspace-id>
Replace <settings-name> with a suitable name for your settings, <resource-id> with the ID of the resource you want to monitor, and <workspace-id> with the ID of your Log Analytics workspace.
Note: Ensure that the created trail meets the RBI Cyber Security Framework requirements and includes additional configurations if necessary.
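As an added example (not code from the original page or from any vendor tool), the following Python implements the "check for existing trails" step for AWS CloudTrail as an automated evaluation. A region counts as compliant only if at least one trail that applies to it (homed in that region, or a multi-region trail homed elsewhere) currently has logging turned on. The evaluation logic is kept separate from the AWS calls so it can run offline against constructed sample data; the live path assumes boto3 is installed and the caller holds cloudtrail:DescribeTrails and cloudtrail:GetTrailStatus permissions.

```python
"""Evaluate: is at least one enabled CloudTrail trail present in a region?"""
from typing import Dict, List


def trail_covers_region(trail: Dict, region: str) -> bool:
    """A trail applies to a region if it is homed there or is multi-region."""
    return trail.get("HomeRegion") == region or bool(trail.get("IsMultiRegionTrail"))


def enabled_trails_in_region(trails: List[Dict], status_by_arn: Dict[str, bool],
                             region: str) -> List[str]:
    """Return ARNs of trails that cover `region` and are actively logging.

    `status_by_arn` maps TrailARN -> IsLogging (as returned by GetTrailStatus).
    A trail that exists but has logging stopped does not satisfy the rule.
    """
    return [t["TrailARN"] for t in trails
            if trail_covers_region(t, region) and status_by_arn.get(t["TrailARN"], False)]


def evaluate_region(trails: List[Dict], status_by_arn: Dict[str, bool], region: str) -> str:
    """Map the rule outcome to a PASS/FAIL verdict for the region."""
    return "PASS" if enabled_trails_in_region(trails, status_by_arn, region) else "FAIL"


def fetch_and_evaluate(region: str) -> str:
    """Live path (needs AWS credentials): pull trails and their status with boto3."""
    import boto3  # imported lazily so the offline functions need no AWS SDK

    ct = boto3.client("cloudtrail", region_name=region)
    # includeShadowTrails=True also returns multi-region trails homed elsewhere
    trails = ct.describe_trails(includeShadowTrails=True)["trailList"]
    status = {t["TrailARN"]: ct.get_trail_status(Name=t["TrailARN"])["IsLogging"]
              for t in trails}
    return evaluate_region(trails, status, region)


# Constructed sample data (account id and names are placeholders): a single-region
# trail in ap-south-1 with logging stopped, and a multi-region trail homed in
# us-east-1 that is logging and therefore also covers ap-south-1.
LOCAL_ARN = "arn:aws:cloudtrail:ap-south-1:111111111111:trail/local-trail"
ORG_ARN = "arn:aws:cloudtrail:us-east-1:111111111111:trail/org-trail"
SAMPLE_TRAILS = [
    {"Name": "local-trail", "TrailARN": LOCAL_ARN, "HomeRegion": "ap-south-1",
     "IsMultiRegionTrail": False},
    {"Name": "org-trail", "TrailARN": ORG_ARN, "HomeRegion": "us-east-1",
     "IsMultiRegionTrail": True},
]
SAMPLE_STATUS = {LOCAL_ARN: False, ORG_ARN: True}

if __name__ == "__main__":
    print("ap-south-1:", evaluate_region(SAMPLE_TRAILS, SAMPLE_STATUS, "ap-south-1"))
```

Running the module prints PASS for ap-south-1 because the logging multi-region trail covers it; if that trail's logging were stopped, the local trail alone would not rescue the verdict, which is the case this rule is meant to catch.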
Step-by-Step Guide for Remediation:
Follow these steps to remediate the non-compliance issue regarding the presence of at least one enabled trail in the designated region:
Identify the logging service used by your organization (e.g., AWS CloudTrail, Azure Log Analytics, etc.).
Access the relevant management console or open a command-line interface (CLI) to interact with the logging service.
Check if any trails are currently enabled in the designated region and note down their details.
If no trails are enabled, proceed to create a new trail. Use the necessary commands or configurations based on the logging service you are working with.
Verify the trail configuration to ensure it aligns with the RBI Cyber Security Framework requirements.
Test the functionality of the trail by generating sample log events and validating their presence in the trail.
Monitor the trail to ensure its ongoing functionality and make any necessary adjustments or enhancements.
Document the details of the created/modified trail and its configuration for future reference.
By following these steps, you can remediate the non-compliance issue and ensure that at least one enabled trail is present in the designated region, meeting the requirements set by the RBI Cyber Security Framework.