I'd like to monitor for anyone trying to erase logs from my CloudTrail's S3 Bucket.
I have tried deleting one of the logs in this bucket myself with my own IAM user, but CloudTrail itself didn't seem to notice that I had erased an object from its bucket.
Is there specific monitoring I have to activate to check whether these logs are being erased by a possible attacker?
Also, a plus: is there any way GuardDuty detects this kind of action in my environment?
Thanks in advance.
You can use CloudTrail log validation for this, which can be enabled in the console or via the AWS CLI:
To validate the integrity of CloudTrail log files, you can use the AWS CLI or create your own solution. The AWS CLI will validate files in the location where CloudTrail delivered them.
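As an added illustration of what log file validation actually checks (this is my own sketch, not code from the answer above or from AWS's tooling): each CloudTrail digest lists the delivered log files with their SHA-256 hashes, so a log object that has been deleted or altered in the bucket shows up as a mismatch when the digest is re-checked. The bucket contents, object keys and digest below are constructed; a real digest is also RSA-signed and chained to the previous digest, which this sketch does not verify, and the hash is assumed here to be taken over the object bytes as stored.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the trail's S3 bucket: object key -> object bytes.
LOG_KEY_A = "AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/01/log-a.json.gz"
LOG_KEY_B = "AWSLogs/111122223333/CloudTrail/us-east-1/2024/01/01/log-b.json.gz"
BUCKET = {
    LOG_KEY_A: b'{"Records":[{"eventName":"PutObject"}]}',
    LOG_KEY_B: b'{"Records":[{"eventName":"DeleteObject"}]}',
}

# Constructed digest in the shape CloudTrail writes (logFiles entries with
# s3Object / hashAlgorithm / hashValue); signature and chain fields omitted.
DIGEST = {
    "awsAccountId": "111122223333",
    "digestS3Bucket": "my-trail-bucket",  # placeholder bucket name
    "logFiles": [
        {"s3Object": key, "hashAlgorithm": "SHA-256", "hashValue": sha256_hex(data)}
        for key, data in BUCKET.items()
    ],
}


def validate_digest(bucket: dict, digest: dict) -> list:
    """Re-hash every log file the digest claims to cover.

    Returns a list of (finding, key) tuples: MISSING when the object is gone
    from the bucket, MODIFIED when its hash no longer matches the digest.
    An empty list means every listed log file is present and intact.
    """
    findings = []
    for entry in digest["logFiles"]:
        key = entry["s3Object"]
        data = bucket.get(key)
        if data is None:
            findings.append(("MISSING", key))
        elif sha256_hex(data) != entry["hashValue"]:
            findings.append(("MODIFIED", key))
    return findings


if __name__ == "__main__":
    tampered = dict(BUCKET)
    del tampered[LOG_KEY_B]  # simulate an attacker deleting one log object
    print(json.dumps(validate_digest(tampered, DIGEST)))
```

Running the script reports the deleted object as MISSING; the AWS CLI's `validate-logs` performs the same comparison against the real, signed digests.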