Prisma Cloud Remediation - AWS CloudTrail is not Enabled on the Account

Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. To remediate Prisma Cloud Alert "CloudTrail is not enabled on the account", this playbook creates a S3 bucket to host Cloudtrail logs and enable Cloudtrail (includes all region events and global service events).


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


  • Builtin


This playbook does not use any scripts.


  • aws-s3-put-bucket-policy
  • aws-cloudtrail-start-logging
  • aws-cloudtrail-create-trail
  • aws-s3-create-bucket
  • closeInvestigation

Playbook Inputs

NameDescriptionDefault ValueRequired
AutoEnableCloudTrailThe following resources will be created, S3 bucket cloudtrail-<account_id>, and Cloudtrail cloudtrail-<account_id>. Type "Yes" to auto-enable CloudTrail.NoOptional
CloudTrailRegionS3 bucket and (global) Cloudtrail will be created on this regionus-west-2Optional

Playbook Outputs

There are no outputs for this playbook.

Playbook Image