From 9b3182ac01f612833c2b2435705fad4edc629abd Mon Sep 17 00:00:00 2001
From: content-bot <55035720+content-bot@users.noreply.github.com>
Date: Sun, 10 Mar 2024 11:56:05 +0200
Subject: [PATCH] Get trail status (#33277)

* Get trail status (#32960)

* "contribution update to pack "AWS - CloudTrail""

* made requested changes

* Update Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md

Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml

Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml

Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py

Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* removed try & except under get_trail_status function

* fixed indent

* fixed typo

* fixed typo

* made requested changes

* updated docker version

* updated docker

* fixed typos

* reverted change on package-lock.json

* reverted changes as requested

* revert package-lock.json

* update dockerimage

* Update 1_1_0.md

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.yml

* Update 1_1_0.md

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.py

* Update AWS-CloudTrail.py

* Update Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py

Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* Update AWS-CloudTrail_test.py

* Update 1_1_0.md

* Update AWS-CloudTrail.yml

---------

Co-authored-by: xsoar-bot <xsoar-bot@paloaltonetworks.com>
Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>

* revert package-lcok

* remove docker line

---------

Co-authored-by: kcelovic <kcelovic1@yahoo.com>
Co-authored-by: xsoar-bot <xsoar-bot@paloaltonetworks.com>
Co-authored-by: Yuval Hayun <70104171+YuvHayun@users.noreply.github.com>
Co-authored-by: YuvHayun <yhayun@paloaltonetworks.com>
---
 .../AWS-CloudTrail/AWS-CloudTrail.py          |   47 +-
 .../AWS-CloudTrail/AWS-CloudTrail.yml         |   53 +-
 .../AWS-CloudTrail_description.md             |    2 +-
 .../AWS-CloudTrail/AWS-CloudTrail_test.py     |   20 +
 .../Integrations/AWS-CloudTrail/README.md     | 1034 +++++------------
 Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md    |    6 +
 Packs/AWS-CloudTrail/pack_metadata.json       |    2 +-
 7 files changed, 411 insertions(+), 753 deletions(-)
 create mode 100644 Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md

diff --git a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py
index 322f55a157b7..b16f45fea552 100644
--- a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py
+++ b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py
@@ -1,6 +1,7 @@
-import demistomock as demisto
-from CommonServerPython import *
-from CommonServerUserPython import *
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+
 import boto3
 from botocore.config import Config
 from botocore.parsers import ResponseParserError
@@ -104,8 +105,8 @@ def aws_session(service='cloudtrail', region=None, roleArn=None, roleSessionName
 
 def handle_returning_date_to_string(date_obj: datetime | str) -> str:
     """Gets date object to string"""
-    # if the returning date is a string leave it as is.
-    if isinstance(date_obj, str):
+    # if the returning date is a string or None, leave it as is.
+    if date_obj is None or isinstance(date_obj, str):
         return date_obj
 
     # if event time is datetime object - convert it to string.
@@ -238,6 +239,40 @@ def describe_trails(args: dict) -> CommandResults:
     )
 
 
+def get_trail_status(args: dict) -> CommandResults:
+    client = aws_session(
+        region=args.get('region'),
+        roleArn=args.get('roleArn'),
+        roleSessionName=args.get('roleSessionName'),
+        roleSessionDuration=args.get('roleSessionDuration'),
+    )
+
+    kwargs = {'Name': args.get('name')}
+
+    response = client.get_trail_status(**kwargs)
+
+    data = {
+        'IsLogging': response.get('IsLogging'),
+        'LatestDeliveryTime': handle_returning_date_to_string(response.get('LatestDeliveryTime')),
+        'LatestCloudWatchLogsDeliveryError': response.get('LatestCloudWatchLogsDeliveryError'),
+        'LatestDeliveryErrorDetails': response.get('LatestDeliveryErrorDetails'),
+        'LatestNotificationError': response.get('LatestNotificationError'),
+        'LatestNotificationTime': handle_returning_date_to_string(response.get('LatestNotificationTime')),
+        'StartLoggingTime': handle_returning_date_to_string(response.get('StartLoggingTime')),
+        'StopLoggingTime': handle_returning_date_to_string(response.get('StopLoggingTime')),
+        'LatestCloudWatchLogsDeliveryTime': handle_returning_date_to_string(response.get('LatestCloudWatchLogsDeliveryTime')),
+        'LatestDigestDeliveryTime': handle_returning_date_to_string(response.get('LatestDigestDeliveryTime')),
+        'LatestDigestDeliveryError': response.get('LatestDigestDeliveryError')
+    }
+
+    return CommandResults(
+        outputs_prefix="AWS.CloudTrail.TrailStatus",
+        outputs_key_field="Name",
+        outputs=data,
+        readable_output=tableToMarkdown('AWS CloudTrail TrailStatus', data),
+    )
+
+
 def update_trail(args: dict) -> CommandResults:
     client = aws_session(
         region=args.get('region'),
@@ -409,6 +444,8 @@ def main():
             return_results(stop_logging(args))
         if command == 'aws-cloudtrail-lookup-events':
             return_results(lookup_events(args))
+        if command == 'aws-cloudtrail-get-trail-status':
+            return_results(get_trail_status(args))
 
     except Exception as e:
         err = "Error has occurred in the AWS CloudTrail Integration."
diff --git a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml
index 96f55b80a2b2..dde5a179614c 100644
--- a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml
+++ b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml
@@ -371,9 +371,60 @@ script:
     - contextPath: AWS.CloudTrail.Events.CloudTrailEvent
       description: A JSON string that contains a representation of the event returned.
       type: string
+  - arguments:
+    - description: Specifies the names of multiple trails.
+      name: trailNameList
+    - description: Specifies the region of the trail.
+      name: region
+      required: true
+    - description: The The Amazon Resource Name (ARN) of the role to assume.
+      name: roleArn
+    - description: An identifier for the assumed role session.
+      name: roleSessionName
+    - description: The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.
+      name: roleSessionDuration
+    - description: Specifies the name of the trail.
+      name: name
+      required: true
+    description: Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail.
+    name: aws-cloudtrail-get-trail-status
+    outputs:
+    - contextPath: AWS.CloudTrail.TrailStatus.IsLogging
+      description: Whether the CloudTrail trail is currently logging Amazon Web Services API calls.
+      type: boolean
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDeliveryError
+      description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket.
+      type: string
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestNotificationError
+      description: Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification.
+      type: string
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDeliveryTime
+      description: Specifies the date and time that CloudTrail last delivered log files to an account’s Amazon S3 bucket.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestNotificationTime
+      description: Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has written a new log file to an account’s Amazon S3 bucket.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.StartLoggingTime
+      description: Specifies the most recent date and time when CloudTrail started recording API calls for an Amazon Web Services account.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.StopLoggingTime
+      description: Specifies the most recent date and time when CloudTrail stopped recording API calls for an Amazon Web Services account.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryError
+      description: Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs.
+      type: string
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryTime
+      description: Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDigestDeliveryTime
+      description: Specifies the date and time that CloudTrail last delivered a digest file to an account’s Amazon S3 bucket.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDigestDeliveryError
+      description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket.
+      type: string
   dockerimage: demisto/boto3py3:1.0.0.89556
   runonce: false
-  script: '-'
+  script: ''
   subtype: python3
   type: python
 tests:
diff --git a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_description.md b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_description.md
index 45a7420390ac..a3cec4b1f0cb 100644
--- a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_description.md
+++ b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_description.md
@@ -11,4 +11,4 @@ on your AWS environment.
 - Attach a Role to the Instance Profile.
 - Configure the Necessary IAM Roles that the AWS Integration Can Assume.
 
-For detailed instructions, see the [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
+For detailed instructions, see the [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
\ No newline at end of file
diff --git a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_test.py b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_test.py
index c8b5ace4239f..4c3eee8c0ba4 100644
--- a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_test.py
+++ b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_test.py
@@ -93,6 +93,9 @@ def stop_logging(self, **kwargs):
     def lookup_events(self, **kwargs):
         return None
 
+    def get_trail_status(self, **kwargs):
+        return {"IsLogging": True}
+
     def get_paginator(self, _):
         class Paginator:
             def paginate(self, **kwargs):
@@ -297,3 +300,20 @@ def test_cloudtrail_lookup_events(mocker, aws_cloudtrail, return_results_func):
     command_result: CommandResults = return_results_func.call_args[0][0]
     outputs: list[dict] = command_result.outputs
     assert outputs[0]["Username"] == "user"
+
+
+def test_cloudtrail_get_trail_status(mocker, aws_cloudtrail, return_results_func):
+    """
+    Given
+    - demisto args
+    When
+    - running aws-cloudtrail-get-trail-status command
+    Then
+    - Ensure the command result is returned as expected
+    """
+    args = {"name": "name"}
+    mock_command(mocker, aws_cloudtrail, "aws-cloudtrail-get-trail-status", args)
+    aws_cloudtrail.main()
+    command_result: CommandResults = return_results_func.call_args[0][0]
+    outputs: dict = command_result.outputs
+    assert "IsLogging" in outputs
diff --git a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/README.md b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/README.md
index d482f8aed812..42c7017dd569 100644
--- a/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/README.md
+++ b/Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/README.md
@@ -1,745 +1,289 @@
-<!-- HTML_DOC -->
-<p>AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting. For more information, see the <a href="https://aws.amazon.com/cloudtrail/" target="_blank" rel="noopener">AWS CloudTrail documentation</a>.</p>
-<h2>Configure AWS CloudTrail on Cortex XSOAR</h2>
-<ol>
-<li>Navigate to <strong>Settings</strong> &gt; <strong>Integrations</strong> &gt; <strong>Servers &amp; Services</strong>.</li>
-<li>Search for AWS - CloudTrail.</li>
-<li>Click <strong>Add instance</strong> to create and configure a new integration instance.
-<ul>
-<li>
-<strong>Name</strong>: a textual name for the integration instance.</li>
-<li>
-<strong>Default Region</strong>:</li>
-<li><strong>Role Arn</strong></li>
-<li><strong>Role Session Name</strong></li>
-<li><strong>Role Session Duration</strong></li>
-</ul>
-</li>
-<li>Click <strong>Test</strong> to validate the URLs, token, and connection.</li>
-</ol>
-<h2>Commands</h2>
-<p>You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.</p>
-<ol>
-<li><a href="#h_589060726551537170698921">Create a trail: aws-cloudtrail-create-trail</a></li>
-<li><a href="#h_3520194191261537170708997">Delete a trail: aws-cloudtrail-delete-trail</a></li>
-<li><a href="#h_790727151951537170714578">Get the settings of a trail: aws-cloudtrail-describe-trails</a></li>
-<li><a href="#h_550289152641537170720170">Update a trail: aws-cloudtrail-update-trail</a></li>
-<li><a href="#h_4634425373321537170726697">Start recording logs: aws-cloudtrail-start-logging</a></li>
-<li><a href="#h_1455390123981537170732135">Stop recording logs: aws-cloudtrail-stop-logging</a></li>
-<li><a href="#h_2415424384631537170737396">Search API activity events: aws-cloudtrail-lookup-events</a></li>
-</ol>
-<h3 id="h_589060726551537170698921">1. Create a trail</h3>
-<hr>
-<p>Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. A maximum of five trails can exist in a region, irrespective of the region in which they were created.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-create-trail</code></p>
-<h5>Input</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 203px;"><strong>Argument Name</strong></th>
-<th style="width: 434px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 203px;">name</td>
-<td style="width: 434px;">Specifies the name of the trail</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 203px;">s3BucketName</td>
-<td style="width: 434px;">Specifies the name of the Amazon S3 bucket designated for publishing log files</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 203px;">s3KeyPrefix</td>
-<td style="width: 434px;">Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">snsTopicName</td>
-<td style="width: 434px;">Specifies the name of the Amazon SNS topic defined for notification of log file delivery</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">includeGlobalServiceEvents</td>
-<td style="width: 434px;">Specifies whether the trail is publishing events from global services, such as IAM, to the log files</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">isMultiRegionTrail</td>
-<td style="width: 434px;">Specifies whether the trail is created in the current region or in all regions. The default is false.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">enableLogFileValidation</td>
-<td style="width: 434px;">Specifies whether log file integrity validation is enabled. The default is false.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">cloudWatchLogsLogGroupArn</td>
-<td style="width: 434px;">Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">cloudWatchLogsRoleArn</td>
-<td style="width: 434px;">Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">kmsKeyId</td>
-<td style="width: 434px;">Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">region</td>
-<td style="width: 434px;">The AWS Region, if not specified the default region will be used</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">roleArn</td>
-<td style="width: 434px;">The Amazon Resource Name (ARN) of the role to assume</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">roleSessionName</td>
-<td style="width: 434px;">An identifier for the assumed role session</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 203px;">roleSessionDuration</td>
-<td style="width: 434px;">The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 364px;"><strong>Path</strong></th>
-<th style="width: 53px;"><strong>Type</strong></th>
-<th style="width: 291px;"><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.Name</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the name of the trail</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.S3BucketName</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the name of the Amazon S3 bucket designated for publishing log files</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.IncludeGlobalServiceEvents</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Specifies whether the trail is publishing events from global services such as IAM to the log files</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.IsMultiRegionTrail</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Specifies whether the trail exists in one region or in all regions</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.TrailARN</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the ARN of the trail that was created</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.LogFileValidationEnabled</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Specifies whether log file integrity validation is enabled</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.SnsTopicARN</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.S3KeyPrefix</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.CloudWatchLogsLogGroupArn</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will be delivered</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.CloudWatchLogsRoleArn</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.KmsKeyId</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the KMS key ID that encrypts the logs delivered by CloudTrail</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.HomeRegion</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">The region in which the trail was created</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-create-trail name=test s3BucketName=test</p>
-<h5>Context Example</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44986554-66339300-af84-11e8-8498-85e2d5cc970e.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44986554-66339300-af84-11e8-8498-85e2d5cc970e.png" alt="image" width="750" height="334"></a></p>
-<h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44984342-af7fe480-af7c-11e8-8de7-14d95b1c438d.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44984342-af7fe480-af7c-11e8-8de7-14d95b1c438d.png" alt="image" width="751" height="399"></a></p>
-<h3 id="h_3520194191261537170708997">2. Delete a trail</h3>
-<hr>
-<p>Deletes a trail. This operation must be called from the region in which the trail was created. DeleteTrail cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-delete-trail</code></p>
-<h5>Input</h5>
-<table style="width: 746px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 141px;"><strong>Argument Name</strong></th>
-<th style="width: 496px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 141px;">name</td>
-<td style="width: 496px;">Specifies the name or the CloudTrail ARN of the trail to be deleted. The format of a trail ARN is: arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail</td>
-<td style="width: 71px;">Required</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<p>There is no context output for this command.</p>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-delete-trail name=test</p>
-<h5>Human Readable Output</h5>
-<h5><a href="https://user-images.githubusercontent.com/34302832/44986642-c1fe1c00-af84-11e8-8bd8-5e9327750955.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44986642-c1fe1c00-af84-11e8-8bd8-5e9327750955.png" alt="image" width="753" height="73"></a></h5>
-<h3 id="h_790727151951537170714578">3. Get the settings of a trail</h3>
-<hr>
-<p>Retrieves settings for the trail associated with the current region for your account.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-describe-trails</code></p>
-<h5>Input</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 148px;"><strong>Argument Name</strong></th>
-<th style="width: 489px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 148px;">trailNameList</td>
-<td style="width: 489px;">Specifies a list of trail names, trail ARNs, or both, of the trails to describe. If an empty list is specified, information for the trail in the current region is returned.</td>
-<td style="width: 71px;">False</td>
-</tr>
-<tr>
-<td style="width: 148px;">includeShadowTrails</td>
-<td style="width: 489px;">Specifies whether to include shadow trails in the response. A shadow trail is the replication in a region of a trail that was created in a different region. The default is "true".</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 148px;">region</td>
-<td style="width: 489px;">The AWS Region, if not specified the default region will be used</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 148px;">roleArn</td>
-<td style="width: 489px;">The Amazon Resource Name (ARN) of the role to assume</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 148px;">roleSessionName</td>
-<td style="width: 489px;">An identifier for the assumed role session</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 148px;">roleSessionDuration</td>
-<td style="width: 489px;">The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 364px;"><strong>Path</strong></th>
-<th style="width: 53px;"><strong>Type</strong></th>
-<th style="width: 291px;"><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.Name</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Name of the trail set by calling CreateTrail</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.S3BucketName</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Name of the Amazon S3 bucket into which CloudTrail delivers your trail files</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.S3KeyPrefix</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.SnsTopicARN</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.IncludeGlobalServiceEvents</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Set to "True" to include AWS API calls from AWS global services such as IAM. Otherwise, "False".</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.IsMultiRegionTrail</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Specifies whether the trail belongs only to one region or exists in all regions</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.HomeRegion</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">The region in which the trail was created</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.TrailARN</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the ARN of the trail</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.LogFileValidationEnabled</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Specifies whether log file validation is enabled</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.CloudWatchLogsLogGroupArn</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.Trails.CloudWatchLogsRoleArn</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.KmsKeyId</td>
-<td style="width: 53px;">string</td>
-<td style="width: 291px;">Specifies the KMS key ID that encrypts the logs delivered by CloudTrail</td>
-</tr>
-<tr>
-<td style="width: 364px;">AWS.CloudTrail.HasCustomEventSelectors</td>
-<td style="width: 53px;">boolean</td>
-<td style="width: 291px;">Specifies if the trail has custom event selectors</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-describe-trails</p>
-<h5>Context Example</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44986869-6f712f80-af85-11e8-85c4-a7b5935ce2b8.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44986869-6f712f80-af85-11e8-85c4-a7b5935ce2b8.png" alt="image" width="750" height="364"></a></p>
-<h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44986812-42bd1800-af85-11e8-8eaf-85313efcb5d0.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44986812-42bd1800-af85-11e8-8eaf-85313efcb5d0.png" alt="image" width="750" height="376"></a></p>
-<h3 id="h_550289152641537170720170">4. Update a trail</h3>
-<hr>
-<p>Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the CloudTrail service.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-update-trail</code></p>
-<h5>Input</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 211px;"><strong>Argument Name</strong></th>
-<th style="width: 426px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 211px;">name</td>
-<td style="width: 426px;">Specifies the name of the trail or trail ARN</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 211px;">s3BucketName</td>
-<td style="width: 426px;">Specifies the name of the Amazon S3 bucket designated for publishing log files</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">s3KeyPrefix</td>
-<td style="width: 426px;">Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">snsTopicName</td>
-<td style="width: 426px;">Specifies the name of the Amazon SNS topic defined for notification of log file delivery</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">includeGlobalServiceEvents</td>
-<td style="width: 426px;">Specifies whether the trail is publishing events from global services such as IAM to the log files</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">isMultiRegionTrail</td>
-<td style="width: 426px;">Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">enableLogFileValidation</td>
-<td style="width: 426px;">Specifies whether log file validation is enabled. The default is false.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">cloudWatchLogsLogGroupArn</td>
-<td style="width: 426px;">Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">cloudWatchLogsRoleArn</td>
-<td style="width: 426px;">Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">kmsKeyId</td>
-<td style="width: 426px;">Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">region</td>
-<td style="width: 426px;">The AWS Region, if not specified the default region will be used</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">roleArn</td>
-<td style="width: 426px;">The Amazon Resource Name (ARN) of the role to assume</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">roleSessionName</td>
-<td style="width: 426px;">An identifier for the assumed role session</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 211px;">roleSessionDuration</td>
-<td style="width: 426px;">The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 366px;"><strong>Path</strong></th>
-<th style="width: 51px;"><strong>Type</strong></th>
-<th style="width: 291px;"><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.Name</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the name of the trail</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.S3BucketName</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the name of the Amazon S3 bucket designated for publishing log files</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.IncludeGlobalServiceEvents</td>
-<td style="width: 51px;">boolean</td>
-<td style="width: 291px;">Specifies whether the trail is publishing events from global services such as IAM to the log files</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.IsMultiRegionTrail</td>
-<td style="width: 51px;">boolean</td>
-<td style="width: 291px;">Specifies whether the trail exists in one region or in all regions</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.TrailARN</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the ARN of the trail that was created</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.LogFileValidationEnabled</td>
-<td style="width: 51px;">boolean</td>
-<td style="width: 291px;">Specifies whether log file integrity validation is enabled</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.SnsTopicARN</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.S3KeyPrefix</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.CloudWatchLogsLogGroupArn</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the Amazon Resource Name (ARN) of the log group to which CloudTrail logs will be delivered</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.CloudWatchLogsRoleArn</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.KmsKeyId</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">Specifies the KMS key ID that encrypts the logs delivered by CloudTrail</td>
-</tr>
-<tr>
-<td style="width: 366px;">AWS.CloudTrail.Trails.HomeRegion</td>
-<td style="width: 51px;">string</td>
-<td style="width: 291px;">The region in which the trail was created</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-update-trail name=test isMultiRegionTrail=true</p>
-<h5>Context Example</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44986869-6f712f80-af85-11e8-85c4-a7b5935ce2b8.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44986869-6f712f80-af85-11e8-85c4-a7b5935ce2b8.png" alt="image" width="748" height="363"></a></p>
-<h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44987057-240b5100-af86-11e8-923c-8865248dce61.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44987057-240b5100-af86-11e8-923c-8865248dce61.png" alt="image" width="756" height="379"></a></p>
-<h3 id="h_4634425373321537170726697">5. Start recording logs</h3>
-<hr>
-<p>Starts the recording of AWS API calls and log file delivery for a trail. For a trail that is enabled in all regions, this operation must be called from the region in which the trail was created. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-start-logging</code></p>
-<h5>Input</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 150px;"><strong>Argument Name</strong></th>
-<th style="width: 487px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 150px;">name</td>
-<td style="width: 487px;">Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs AWS API calls</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 150px;">region</td>
-<td style="width: 487px;">The AWS Region, if not specified the default region will be used</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 150px;">roleArn</td>
-<td style="width: 487px;">The Amazon Resource Name (ARN) of the role to assume</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 150px;">roleSessionName</td>
-<td style="width: 487px;">An identifier for the assumed role session</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 150px;">roleSessionDuration</td>
-<td style="width: 487px;">The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<p>There is no context output for this command.</p>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-start-logging name=test</p>
-<h5>Context Example</h5>
-<p>There is no context output for this command.</p>
-<h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44987148-6e8ccd80-af86-11e8-9e20-ccac11087749.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44987148-6e8ccd80-af86-11e8-9e20-ccac11087749.png" alt="image" width="748" height="102"></a></p>
-<h3 id="h_1455390123981537170732135">6. Stop recording logs</h3>
-<hr>
-<p>Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circumstances, there is no need to use this action. You can update a trail without stopping it first. This action is the only way to stop recording. For a trail enabled in all regions, this operation must be called from the region in which the trail was created, or an InvalidHomeRegionException will occur. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail enabled in all regions.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-stop-logging</code></p>
-<h5>Input</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 149px;"><strong>Argument Name</strong></th>
-<th style="width: 488px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 149px;">name</td>
-<td style="width: 488px;">Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs AWS API calls</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 149px;">region</td>
-<td style="width: 488px;">The AWS Region, if not specified the default region will be used</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 149px;">roleArn</td>
-<td style="width: 488px;">The Amazon Resource Name (ARN) of the role to assume</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 149px;">roleSessionName</td>
-<td style="width: 488px;">An identifier for the assumed role session</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 149px;">roleSessionDuration</td>
-<td style="width: 488px;">The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<p>There is no context output for this command.</p>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-stop-logging name=test</p>
-<h5>Context Example</h5>
-<p>There is no context output for this command.</p>
-<h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44987179-9419d700-af86-11e8-9283-1c50b1275ff1.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44987179-9419d700-af86-11e8-9283-1c50b1275ff1.png" alt="image"></a></p>
-<h3 id="h_2415424384631537170737396">7. Search API activity events</h3>
-<hr>
-<p>Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account. Events for a region can be looked up for the times in which you had CloudTrail turned on in that region during the last seven days.</p>
-<h5>Base Command</h5>
-<p><code>aws-cloudtrail-lookup-events</code></p>
-<h5>Input</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 146px;"><strong>Argument Name</strong></th>
-<th style="width: 491px;"><strong>Description</strong></th>
-<th style="width: 71px;"><strong>Required</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 146px;">attributeKey</td>
-<td style="width: 491px;">Specifies an attribute on which to filter the returned events</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 146px;">attributeValue</td>
-<td style="width: 491px;">Specifies a value for the specified <em>AttributeKey</em>
-</td>
-<td style="width: 71px;">Required</td>
-</tr>
-<tr>
-<td style="width: 146px;">startTime</td>
-<td style="width: 491px;">Specifies that only events that occur on or after the specified time are returned</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 146px;">endTime</td>
-<td style="width: 491px;">Specifies that only events that occur on or before the specified time are returned</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 146px;">region</td>
-<td style="width: 491px;">The AWS Region, if not specified the default region will be used</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 146px;">roleArn</td>
-<td style="width: 491px;">The Amazon Resource Name (ARN) of the role to assume</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 146px;">roleSessionName</td>
-<td style="width: 491px;">An identifier for the assumed role session</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-<tr>
-<td style="width: 146px;">roleSessionDuration</td>
-<td style="width: 491px;">The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.</td>
-<td style="width: 71px;">Optional</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Context Output</h5>
-<table style="width: 748px;" border="2" cellpadding="6">
-<thead>
-<tr>
-<th style="width: 318px;"><strong>Path</strong></th>
-<th style="width: 37px;"><strong>Type</strong></th>
-<th style="width: 353px;"><strong>Description</strong></th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.EventId</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">The CloudTrail ID of the returned event</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.EventName</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">The name of the returned event</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.EventTime</td>
-<td style="width: 37px;">date</td>
-<td style="width: 353px;">The date and time of the returned event</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.EventSource</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">The AWS service that the request was made to</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.Username</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">User name or role name of the requester that called the API in the event returned</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.ResourceName</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">The type of a resource referenced by the event returned. When the resource type cannot be determined, null is returned. Some examples of resource types are: Instance for EC2, Trail for CloudTrail, DBInstance for RDS, and AccessKey for IAM.</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.ResourceType</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">The name of the resource referenced by the event returned. These are user-created names whose values will depend on the environment. For example, the resource name might be "auto-scaling-test-group" for an Auto Scaling Group or "i-1234567" for an EC2 Instance.</td>
-</tr>
-<tr>
-<td style="width: 318px;">AWS.CloudTrail.Trails.Events.CloudTrailEvent</td>
-<td style="width: 37px;">string</td>
-<td style="width: 353px;">A JSON string that contains a representation of the returned event</td>
-</tr>
-</tbody>
-</table>
-<h5> </h5>
-<h5>Command Example</h5>
-<p>!aws-cloudtrail-lookup-events attributeKey=EventName attributeValue=StartLogging</p>
-<h5>Context Example</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44987458-916bb180-af87-11e8-8bdf-4167d9183df9.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44987458-916bb180-af87-11e8-8bdf-4167d9183df9.png" alt="image" width="750" height="1020"></a></p>
-<h5>Human Readable Output</h5>
-<p><a href="https://user-images.githubusercontent.com/34302832/44987322-28843980-af87-11e8-9d91-1867808b90c4.png" target="_blank" rel="noopener noreferrer"><img src="https://user-images.githubusercontent.com/34302832/44987322-28843980-af87-11e8-9d91-1867808b90c4.png" alt="image" width="753" height="223"></a></p>
\ No newline at end of file
+Amazon Web Services CloudTrail.
+This integration was integrated and tested with version 1.0.11 of AWS - CloudTrail.
+
+## Configure AWS - CloudTrail on Cortex XSOAR
+
+1. Navigate to **Settings** > **Integrations** > **Servers & Services**.
+2. Search for AWS - CloudTrail.
+3. Click **Add instance** to create and configure a new integration instance.
+
+    | **Parameter** | **Required** |
+    | --- | --- |
+    | AWS Default Region | False |
+    | Role Arn | False |
+    | Role Session Name | False |
+    | Role Session Duration | False |
+    | Access Key | False |
+    | Secret Key | False |
+    | Access Key | False |
+    | Secret Key | False |
+    | Trust any certificate (not secure) | False |
+    | Use system proxy settings | False |
+
+4. Click **Test** to validate the URLs, token, and connection.
+
+## Commands
+
+You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.
+After you successfully execute a command, a DBot message appears in the War Room with the command details.
+
+### aws-cloudtrail-create-trail
+
+***
+Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket. A maximum of five trails can exist in a region, irrespective of the region in which they were created.
+
+#### Base Command
+
+`aws-cloudtrail-create-trail`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| name | Specifies the name of the trail. | Required | 
+| s3BucketName | Specifies the name of the Amazon S3 bucket designated for publishing log files. | Required | 
+| s3KeyPrefix | Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. | Optional | 
+| snsTopicName | Specifies the name of the Amazon SNS topic defined for notification of log file delivery. | Optional | 
+| includeGlobalServiceEvents | Specifies whether the trail is publishing events from global services such as IAM to the log files. Possible values are: True, False. | Optional | 
+| isMultiRegionTrail | Specifies whether the trail is created in the current region or in all regions. The default is false. Possible values are: True, False. | Optional | 
+| enableLogFileValidation | Specifies whether log file integrity validation is enabled. The default is false. Possible values are: True, False. | Optional | 
+| cloudWatchLogsLogGroupArn | Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. | Optional | 
+| cloudWatchLogsRoleArn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. | Optional | 
+| kmsKeyId | Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by "alias/", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier. | Optional | 
+| region | The AWS Region, if not specified the default region will be used. | Optional | 
+| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| AWS.CloudTrail.Trails.Name | string | Specifies the name of the trail. | 
+| AWS.CloudTrail.Trails.S3BucketName | string | Specifies the name of the Amazon S3 bucket designated for publishing log files. | 
+| AWS.CloudTrail.Trails.IncludeGlobalServiceEvents | boolean | Specifies whether the trail is publishing events from global services such as IAM to the log files. | 
+| AWS.CloudTrail.Trails.IsMultiRegionTrail | boolean | Specifies whether the trail exists in one region or in all regions. | 
+| AWS.CloudTrail.Trails.TrailARN | string | Specifies the ARN of the trail that was created. | 
+| AWS.CloudTrail.Trails.LogFileValidationEnabled | boolean | Specifies whether log file integrity validation is enabled. | 
+| AWS.CloudTrail.Trails.SnsTopicARN | string | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. | 
+| AWS.CloudTrail.Trails.S3KeyPrefix | string | pecifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. | 
+| AWS.CloudTrail.Trails.CloudWatchLogsLogGroupArn | string | Specifies the Amazon Resource Name \(ARN\) of the log group to which CloudTrail logs will be delivered. | 
+| AWS.CloudTrail.Trails.CloudWatchLogsRoleArn | string | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. | 
+| AWS.CloudTrail.Trails.KmsKeyId | string | Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. | 
+| AWS.CloudTrail.Trails.HomeRegion | string | The region in which the trail was created. | 
+
+### aws-cloudtrail-delete-trail
+
+***
+Deletes a trail. This operation must be called from the region in which the trail was created. DeleteTrail cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.
+
+#### Base Command
+
+`aws-cloudtrail-delete-trail`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| name | Specifies the name or the CloudTrail ARN of the trail to be deleted. The format of a trail ARN is: arn:aws:cloudtrail:us-east-1:123456789012:trail/MyTrail. | Required | 
+
+#### Context Output
+
+There is no context output for this command.
+### aws-cloudtrail-describe-trails
+
+***
+Retrieves settings for the trail associated with the current region for your account.
+
+#### Base Command
+
+`aws-cloudtrail-describe-trails`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| trailNameList | Specifies a list of trail names, trail ARNs, or both, of the trails to describe. If an empty list is specified, information for the trail in the current region is returned. | Optional | 
+| includeShadowTrails | Specifies whether to include shadow trails in the response. A shadow trail is the replication in a region of a trail that was created in a different region. The default is true. Possible values are: True, False. | Optional | 
+| region | The AWS Region, if not specified the default region will be used. | Optional | 
+| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| AWS.CloudTrail.Trails.Name | string | Name of the trail set by calling CreateTrail. | 
+| AWS.CloudTrail.Trails.S3BucketName | string | Name of the Amazon S3 bucket into which CloudTrail delivers your trail files. | 
+| AWS.CloudTrail.Trails.S3KeyPrefix | string | Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. | 
+| AWS.CloudTrail.Trails.SnsTopicARN | string | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. | 
+| AWS.CloudTrail.Trails.IncludeGlobalServiceEvents | boolean | Set to True to include AWS API calls from AWS global services such as IAM. Otherwise, False. | 
+| AWS.CloudTrail.Trails.IsMultiRegionTrail | boolean | Specifies whether the trail belongs only to one region or exists in all regions. | 
+| AWS.CloudTrail.Trails.HomeRegion | string | The region in which the trail was created. | 
+| AWS.CloudTrail.Trails.TrailARN | string | Specifies the ARN of the trail. | 
+| AWS.CloudTrail.Trails.LogFileValidationEnabled | boolean | Specifies whether log file validation is enabled. | 
+| AWS.CloudTrail.Trails.CloudWatchLogsLogGroupArn | string | Specifies an Amazon Resource Name \(ARN\), a unique identifier that represents the log group to which CloudTrail logs will be delivered. | 
+| AWS.CloudTrail.Trails.CloudWatchLogsRoleArn | string | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. | 
+| AWS.CloudTrail.KmsKeyId | string | Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. | 
+| AWS.CloudTrail.HasCustomEventSelectors | boolean | Specifies if the trail has custom event selectors. | 
+
+### aws-cloudtrail-update-trail
+
+***
+Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the CloudTrail service.
+
+#### Base Command
+
+`aws-cloudtrail-update-trail`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| name | Specifies the name of the trail or trail ARN. | Required | 
+| s3BucketName | Specifies the name of the Amazon S3 bucket designated for publishing log files. | Optional | 
+| s3KeyPrefix | Specifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. | Optional | 
+| snsTopicName | Specifies the name of the Amazon SNS topic defined for notification of log file delivery. | Optional | 
+| includeGlobalServiceEvents | Specifies whether the trail is publishing events from global services such as IAM to the log files. | Optional | 
+| isMultiRegionTrail | Specifies whether the trail applies only to the current region or to all regions. The default is false. If the trail exists only in the current region and this value is set to true, shadow trails (replications of the trail) will be created in the other regions. If the trail exists in all regions and this value is set to false, the trail will remain in the region where it was created, and its shadow trails in other regions will be deleted. | Optional | 
+| enableLogFileValidation | Specifies whether log file validation is enabled. The default is false. | Optional | 
+| cloudWatchLogsLogGroupArn | Specifies a log group name using an Amazon Resource Name (ARN), a unique identifier that represents the log group to which CloudTrail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn. | Optional | 
+| cloudWatchLogsRoleArn | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. | Optional | 
+| kmsKeyId | Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. | Optional | 
+| region | The AWS Region, if not specified the default region will be used. | Optional | 
+| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| AWS.CloudTrail.Trails.Name | string | Specifies the name of the trail. | 
+| AWS.CloudTrail.Trails.S3BucketName | string | Specifies the name of the Amazon S3 bucket designated for publishing log files. | 
+| AWS.CloudTrail.Trails.IncludeGlobalServiceEvents | boolean | Specifies whether the trail is publishing events from global services such as IAM to the log files. | 
+| AWS.CloudTrail.Trails.IsMultiRegionTrail | boolean | Specifies whether the trail exists in one region or in all regions. | 
+| AWS.CloudTrail.Trails.TrailARN | string | Specifies the ARN of the trail that was created. | 
+| AWS.CloudTrail.Trails.LogFileValidationEnabled | boolean | Specifies whether log file integrity validation is enabled. | 
+| AWS.CloudTrail.Trails.SnsTopicARN | string | Specifies the ARN of the Amazon SNS topic that CloudTrail uses to send notifications when log files are delivered. | 
+| AWS.CloudTrail.Trails.S3KeyPrefix | string | pecifies the Amazon S3 key prefix that comes after the name of the bucket you have designated for log file delivery. | 
+| AWS.CloudTrail.Trails.CloudWatchLogsLogGroupArn | string | Specifies the Amazon Resource Name \(ARN\) of the log group to which CloudTrail logs will be delivered. | 
+| AWS.CloudTrail.Trails.CloudWatchLogsRoleArn | string | Specifies the role for the CloudWatch Logs endpoint to assume to write to a user's log group. | 
+| AWS.CloudTrail.Trails.KmsKeyId | string | Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. | 
+| AWS.CloudTrail.Trails.HomeRegion | string | The region in which the trail was created. | 
+
+### aws-cloudtrail-start-logging
+
+***
+Starts the recording of AWS API calls and log file delivery for a trail. For a trail that is enabled in all regions, this operation must be called from the region in which the trail was created. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail that is enabled in all regions.
+
+#### Base Command
+
+`aws-cloudtrail-start-logging`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| name | Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs AWS API calls. | Required | 
+| region | The AWS Region, if not specified the default region will be used. | Optional | 
+| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+
+#### Context Output
+
+There is no context output for this command.
+### aws-cloudtrail-stop-logging
+
+***
+Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circumstances, there is no need to use this action. You can update a trail without stopping it first. This action is the only way to stop recording. For a trail enabled in all regions, this operation must be called from the region in which the trail was created, or an InvalidHomeRegionException will occur. This operation cannot be called on the shadow trails (replicated trails in other regions) of a trail enabled in all regions.
+
+#### Base Command
+
+`aws-cloudtrail-stop-logging`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| name | Specifies the name or the CloudTrail ARN of the trail for which CloudTrail logs AWS API calls. | Required | 
+| region | The AWS Region, if not specified the default region will be used. | Optional | 
+| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+
+#### Context Output
+
+There is no context output for this command.
+### aws-cloudtrail-lookup-events
+
+***
+Looks up API activity events captured by CloudTrail that create, update, or delete resources in your account. Events for a region can be looked up for the times in which you had CloudTrail turned on in that region during the last seven days.
+
+#### Base Command
+
+`aws-cloudtrail-lookup-events`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| attributeKey | Specifies an attribute on which to filter the events returned. Possible values are: AccessKeyId, EventId, EventName, Username, ResourceType, ResourceName, EventSource, ReadOnly. | Required | 
+| attributeValue | Specifies a value for the specified AttributeKey. | Required | 
+| startTime | Specifies that only events that occur after or at the specified time are returned. | Optional | 
+| endTime | Specifies that only events that occur before or at the specified time are returned. | Optional | 
+| region | The AWS Region, if not specified the default region will be used. | Optional | 
+| roleArn | The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| AWS.CloudTrail.Events.EventId | string | The CloudTrail ID of the event returned. | 
+| AWS.CloudTrail.Events.EventName | string | The name of the event returned. | 
+| AWS.CloudTrail.Events.EventTime | date | The date and time of the event returned. | 
+| AWS.CloudTrail.Events.EventSource | string | The AWS service that the request was made to. | 
+| AWS.CloudTrail.Events.Username | string | A user name or role name of the requester that called the API in the event returned. | 
+| AWS.CloudTrail.Events.ResourceName | string | The type of a resource referenced by the event returned. When the resource type cannot be determined, null is returned. Some examples of resource types are: Instance for EC2, Trail for CloudTrail, DBInstance for RDS, and AccessKey for IAM.  | 
+| AWS.CloudTrail.Events.ResourceType | string | The name of the resource referenced by the event returned. These are user-created names whose values will depend on the environment. For example, the resource name might be "auto-scaling-test-group" for an Auto Scaling Group or "i-1234567" for an EC2 Instance. | 
+| AWS.CloudTrail.Events.CloudTrailEvent | string | A JSON string that contains a representation of the event returned. | 
+
+### aws-cloudtrail-get-trail-status
+
+***
+Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail.
+
+#### Base Command
+
+`aws-cloudtrail-get-trail-status`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| trailNameList | Specifies the names of multiple trails. | Optional | 
+| region | Specifies the region of the trail. | Required | 
+| roleArn | The The Amazon Resource Name (ARN) of the role to assume. | Optional | 
+| roleSessionName | An identifier for the assumed role session. | Optional | 
+| roleSessionDuration | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. | Optional | 
+| name | Specifies the name of the trail. | Required | 
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| AWS.CloudTrail.TrailStatus.IsLogging | boolean | Whether the CloudTrail trail is currently logging Amazon Web Services API calls. | 
+| AWS.CloudTrail.TrailStatus.LatestDeliveryError | string | Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket. | 
+| AWS.CloudTrail.TrailStatus.LatestNotificationError | string | Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification. | 
+| AWS.CloudTrail.TrailStatus.LatestDeliveryTime | date | Specifies the date and time that CloudTrail last delivered log files to an account’s Amazon S3 bucket. | 
+| AWS.CloudTrail.TrailStatus.LatestNotificationTime | date | Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has written a new log file to an account’s Amazon S3 bucket. | 
+| AWS.CloudTrail.TrailStatus.StartLoggingTime | date | Specifies the most recent date and time when CloudTrail started recording API calls for an Amazon Web Services account. | 
+| AWS.CloudTrail.TrailStatus.StopLoggingTime | date | Specifies the most recent date and time when CloudTrail stopped recording API calls for an Amazon Web Services account. | 
+| AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryError | string | Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs. | 
+| AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryTime | date | Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs. | 
+| AWS.CloudTrail.TrailStatus.LatestDigestDeliveryTime | date | Specifies the date and time that CloudTrail last delivered a digest file to an account’s Amazon S3 bucket. | 
+| AWS.CloudTrail.TrailStatus.LatestDigestDeliveryError | string | Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket. | 
diff --git a/Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md b/Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md
new file mode 100644
index 000000000000..093334440231
--- /dev/null
+++ b/Packs/AWS-CloudTrail/ReleaseNotes/1_1_0.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### AWS - CloudTrail
+
+- Added the **aws-cloudtrail-get-trail-status** command, use this command to get information about the trail status.
\ No newline at end of file
diff --git a/Packs/AWS-CloudTrail/pack_metadata.json b/Packs/AWS-CloudTrail/pack_metadata.json
index 77a04fb47596..1471a042792a 100644
--- a/Packs/AWS-CloudTrail/pack_metadata.json
+++ b/Packs/AWS-CloudTrail/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "AWS - CloudTrail",
     "description": "Amazon Web Services CloudTrail.",
     "support": "xsoar",
-    "currentVersion": "1.0.12",
+    "currentVersion": "1.1.0",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",