Get logging data from trails with trail ARN instead of name. This is …

…required with Organizations, as a Trail will be located in another account.
nccgroup · Dec 11, 2018 · 2eef793 · 2eef793
1 parent 7c18424
commit 2eef793
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/ScoutSuite/providers/aws/services/cloudtrail.py b/ScoutSuite/providers/aws/services/cloudtrail.py
@@ -49,7 +49,10 @@ def parse_trail(self, global_params, region, trail):
                 trail_config[key] = trail_details[key] if key in trail_details else None
 
         if trail_details:
-            trail_config['wildcard_data_logging'] = self.data_logging_status(trail_config['name'], trail_details, api_client)
+            # using trail ARN instead of name as with Organizations the trail would be located in another account
+            trail_config['wildcard_data_logging'] = self.data_logging_status(trail_config['TrailARN'],
+                                                                             trail_details,
+                                                                             api_client)
 
         self.trails[trail_id] = trail_config