Description

Identifies AWS CloudTrail trails that are not configured for multi-region logging. Single-region trails create gaps in audit logging coverage since they only record API activities in one region, potentially missing important security events and activities in other AWS regions.

Detection Strategy

• Scans all CloudTrail trails in the account (excluding shadow trails)

• Reports a vulnerability when a trail's IsMultiRegionTrail property is set to false

• Each reported vulnerability includes the specific trail's ARN and its multi-region configuration status