diff --git a/source/playbooks/SC/bin/security_controls.ts b/source/playbooks/SC/bin/security_controls.ts
index 3a04e9e6..738209b6 100644
--- a/source/playbooks/SC/bin/security_controls.ts
+++ b/source/playbooks/SC/bin/security_controls.ts
@@ -31,6 +31,7 @@ const remediations: IControl[] = [
 { control: 'AutoScaling.1' },
 { control: 'CloudTrail.1' },
 { control: 'CloudTrail.2' },
+ { control: 'CloudTrail.3', executes: 'CloudTrail.1' },
 { control: 'CloudTrail.4' },
 { control: 'CloudTrail.5' },
 { control: 'CloudTrail.6' },
diff --git a/source/playbooks/SC/ssmdocs/SC_CloudTrail.1.ts b/source/playbooks/SC/ssmdocs/SC_CloudTrail.1.ts
index e45533f1..4647392b 100644
--- a/source/playbooks/SC/ssmdocs/SC_CloudTrail.1.ts
+++ b/source/playbooks/SC/ssmdocs/SC_CloudTrail.1.ts
@@ -6,7 +6,11 @@ import { PlaybookProps } from '../lib/control_runbooks-construct';
 import { HardCodedString, StringVariable } from '@cdklabs/cdk-ssm-documents';
 export function createControlRunbook(scope: Construct, id: string, props: PlaybookProps): ControlRunbookDocument {
- return new CreateCloudTrailMultiRegionTrailDocument(scope, id, { ...props, controlId: 'CloudTrail.1' });
+ return new CreateCloudTrailMultiRegionTrailDocument(scope, id, {
+ ...props,
+ controlId: 'CloudTrail.1',
+ otherControlIds: ['CloudTrail.3'],
+ });
 }
 export class CreateCloudTrailMultiRegionTrailDocument extends ControlRunbookDocument {
diff --git a/source/playbooks/SC/test/__snapshots__/security_controls_stack.test.ts.snap b/source/playbooks/SC/test/__snapshots__/security_controls_stack.test.ts.snap
index b5d9d6cc..96119c44 100644
--- a/source/playbooks/SC/test/__snapshots__/security_controls_stack.test.ts.snap
+++ b/source/playbooks/SC/test/__snapshots__/security_controls_stack.test.ts.snap
@@ -1851,6 +1851,7 @@ Note: this remediation will create a NEW trail. "Finding": "{{ Finding }}", "expected_control_id": [ "CloudTrail.1", + "CloudTrail.3", ], "parse_id_pattern": "", },
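Review bot: In SC_CloudTrail.1.ts, the new `otherControlIds: ['CloudTrail.3']` has no comment linking it to the `executes: 'CloudTrail.1'` entry added in bin/security_controls.ts, so the same pairing is now declared in two files that must be edited together. The snapshot hunk suggests otherControlIds feeds the runbook's `expected_control_id` check, so if only one side is changed later, CloudTrail.3 findings would presumably be routed to a runbook that rejects them. I would add a comment above the array, for example `// CloudTrail.3 is remediated by this runbook; keep in sync with the 'executes' entry in bin/security_controls.ts`. Because the snapshot text says this remediation creates a NEW trail, the description should also state that creating a trail is the intended outcome for a CloudTrail.3 finding. The class declared after createControlRunbook continues outside the hunk.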