Overview
Records when an AWS CloudTrail trail is deleted via the DeleteTrail API operation. This is a critical management event that should be monitored for compliance and security purposes.
When Generated:
- When a user or service deletes a CloudTrail trail via the AWS Console
- When the DeleteTrail API is called programmatically
- During automated cleanup processes
- When trails are removed due to cost optimization
Security Relevance: High
Compliance:
- SOC 2
- PCI DSS
- HIPAA
- SOX
- FedRAMP
Frequency Notes: Low-frequency event. Trail deletions are typically infrequent administrative actions.
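Because the event is rare, every occurrence can be surfaced for review. The following is an added example, not part of the original page: a minimal filter over CloudTrail JSON records that reports each DeleteTrail call, including denied attempts. The sample records, ARNs, IP addresses and trail names are constructed, and `find_trail_deletions` is a hypothetical helper name.

```python
import json

# Constructed CloudTrail records for illustration; all identities, IPs and
# trail names below are made up and do not come from the original page.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "awsRegion": "us-east-1",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": {"name": "example-org-trail"}},
    {"eventTime": "2024-01-01T10:05:00Z", "awsRegion": "us-east-1",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "DeleteTrail",
     "sourceIPAddress": "203.0.113.9", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/example-role/s1"},
     "requestParameters": {"name": "example-org-trail"}},
    {"eventTime": "2024-01-01T10:06:00Z", "awsRegion": "us-east-1",
     "eventSource": "cloudtrail.amazonaws.com", "eventName": "DescribeTrails",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::111122223333:user/example-admin"},
     "requestParameters": None},
]})


def find_trail_deletions(log_text):
    """Return one finding per DeleteTrail record, successful or failed."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        # Match on both fields so a same-named event from another
        # service is not mistaken for a CloudTrail trail deletion.
        if rec.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        if rec.get("eventName") != "DeleteTrail":
            continue
        error = rec.get("errorCode")  # present only when the call failed
        findings.append({
            "time": rec.get("eventTime"),
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            "region": rec.get("awsRegion"),
            # `or {}` tolerates a record whose requestParameters is null.
            "trail": (rec.get("requestParameters") or {}).get("name", "unknown"),
            "outcome": "failed:" + error if error else "succeeded",
        })
    return findings
```

Denied attempts are kept in the output because a failed DeleteTrail call still shows that someone tried to remove the audit trail.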
Resources
Documentation
- AWS CloudTrail API Reference (official)
- CloudTrail DeleteTrail Documentation (official)
- OCSF Schema Documentation (reference)
Tools
- AWS CloudTrail Console - Web interface for managing CloudTrail trails and viewing events
- AWS CLI - Command-line interface for AWS services including CloudTrail
Generation Configuration
Base Frequency: 5 events/hour
Time Patterns:
- business_hours
- night_hours
- weekend
Business Hours Multiplier: 2.0x
Night Hours Multiplier: 0.3x
Weekend Multiplier: 0.1x