April 2019
Intermediate to advanced
508 pages
11h 57m
English
One easy way to disrupt CloudTrail logging is simply to turn off any active trails. There is an API made just for this: the StopLogging API. From the AWS CLI, we can turn off logging for a trail named test within our account with the following command:
aws cloudtrail stop-logging --name test
This command must be run from the region that the target trail was created in; otherwise, it will return an InvalidHomeRegionException error.
This same task can also be accomplished with the detection__disruption Pacu module. That Pacu command would look something like this:
run detection__disruption --trails test@us-east-1
You would then be prompted with four different options: disable, delete, minimize, or skip. To ...
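The defender's view of the calls described above, as an added example that is not from the book: a Python filter over CloudTrail records that flags StopLogging, DeleteTrail and weakening UpdateTrail calls, including failed wrong-region attempts. The sample records, account ID and user ARN are constructed, and the coverage of DeleteTrail and UpdateTrail and the severity labels are assumptions that go beyond the StopLogging case shown in the text.

```python
# CloudTrail API calls that stop, delete or weaken a trail, with a triage severity.
TAMPER_EVENTS = {"StopLogging": "high", "DeleteTrail": "high", "UpdateTrail": "medium"}
# UpdateTrail request parameters that reduce coverage when set to false.
WEAKENING_FLAGS = ("isMultiRegionTrail", "includeGlobalServiceEvents", "enableLogFileValidation")

def find_trail_tampering(records):
    """Return one finding per record that changes a trail's logging state."""
    findings = []
    for rec in records:
        name = rec.get("eventName")
        if rec.get("eventSource") != "cloudtrail.amazonaws.com" or name not in TAMPER_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        disabled = [f for f in WEAKENING_FLAGS if params.get(f) is False]
        if name == "UpdateTrail" and not disabled:
            continue  # routine change (for example a new prefix), not flagged here
        findings.append({
            "time": rec.get("eventTime"),
            "action": name,
            "trail": params.get("name"),
            "region": rec.get("awsRegion"),
            "actor": (rec.get("userIdentity") or {}).get("arn"),
            "error": rec.get("errorCode"),  # None when the call succeeded
            "disabled_features": disabled,
            "severity": TAMPER_EVENTS[name],
        })
    return findings

ACTOR = {"arn": "arn:aws:iam::111122223333:user/example-user"}  # placeholder identity
CT = "cloudtrail.amazonaws.com"
# Constructed sample records, not real log data.
SAMPLE_RECORDS = [
    {"eventTime": "2019-04-01T10:00:00Z", "eventSource": CT, "eventName": "StopLogging",
     "awsRegion": "us-west-2", "userIdentity": ACTOR, "requestParameters": {"name": "test"},
     "errorCode": "InvalidHomeRegionException"},
    {"eventTime": "2019-04-01T10:00:30Z", "eventSource": CT, "eventName": "StopLogging",
     "awsRegion": "us-east-1", "userIdentity": ACTOR, "requestParameters": {"name": "test"}},
    {"eventTime": "2019-04-01T10:05:00Z", "eventSource": CT, "eventName": "UpdateTrail",
     "awsRegion": "us-east-1", "userIdentity": ACTOR,
     "requestParameters": {"name": "test", "isMultiRegionTrail": False}},
    {"eventTime": "2019-04-01T10:06:00Z", "eventSource": CT, "eventName": "UpdateTrail",
     "awsRegion": "us-east-1", "userIdentity": ACTOR,
     "requestParameters": {"name": "test", "s3KeyPrefix": "logs"}},
    {"eventTime": "2019-04-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1", "userIdentity": ACTOR},
]

if __name__ == "__main__":
    print(*find_trail_tampering(SAMPLE_RECORDS), sep="\n")
```

A failed StopLogging with InvalidHomeRegionException followed shortly by a successful one from the trail's home region is worth alerting on as a pair, since the first call shows the caller did not know where the trail lives.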