Get trail status

Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.py

@@ -1,6 +1,7 @@
-import demistomock as demisto
-from CommonServerPython import *
-from CommonServerUserPython import *
+import demistomock as demisto  # noqa: F401
+from CommonServerPython import *  # noqa: F401
+
+
 import boto3
 from botocore.config import Config
 from botocore.parsers import ResponseParserError
@@ -102,10 +103,10 @@ def aws_session(service='cloudtrail', region=None, roleArn=None, roleSessionName
     return client
 
 
-def handle_returning_date_to_string(date_obj: datetime | str) -> str:
+def handle_returning_date_to_string(date_obj: datetime | str | None) -> str:
     """Gets date object to string"""
-    # if the returning date is a string leave it as is.
-    if isinstance(date_obj, str):
+    # if the returning date is a string or None, leave it as is.
+    if date_obj is None or isinstance(date_obj, str):
         return date_obj
 
     # if event time is datetime object - convert it to string.
@@ -238,6 +239,40 @@ def describe_trails(args: dict) -> CommandResults:
     )
 
 
+def get_trail_status(args: dict) -> CommandResults:
+    client = aws_session(
+        region=args.get('region'),
+        roleArn=args.get('roleArn'),
+        roleSessionName=args.get('roleSessionName'),
+        roleSessionDuration=args.get('roleSessionDuration'),
+    )
+
+    kwargs = {'Name': args.get('name')}
+
+    response = client.get_trail_status(**kwargs)
+
+    data = {
+        'IsLogging': response.get('IsLogging'),
+        'LatestDeliveryTime': handle_returning_date_to_string(response.get('LatestDeliveryTime')),
+        'LatestCloudWatchLogsDeliveryError': response.get('LatestCloudWatchLogsDeliveryError'),
+        'LatestDeliveryErrorDetails': response.get('LatestDeliveryErrorDetails'),
+        'LatestNotificationError': response.get('LatestNotificationError'),
+        'LatestNotificationTime': handle_returning_date_to_string(response.get('LatestNotificationTime')),
+        'StartLoggingTime': handle_returning_date_to_string(response.get('StartLoggingTime')),
+        'StopLoggingTime': handle_returning_date_to_string(response.get('StopLoggingTime')),
+        'LatestCloudWatchLogsDeliveryTime': handle_returning_date_to_string(response.get('LatestCloudWatchLogsDeliveryTime')),
+        'LatestDigestDeliveryTime': handle_returning_date_to_string(response.get('LatestDigestDeliveryTime')),
+        'LatestDigestDeliveryError': response.get('LatestDigestDeliveryError')
+    }
+
+    return CommandResults(
+        outputs_prefix="AWS.CloudTrail.TrailStatus",
+        outputs_key_field="Name",
+        outputs=data,
+        readable_output=tableToMarkdown('AWS CloudTrail TrailStatus', data),
+    )
+
+
 def update_trail(args: dict) -> CommandResults:
     client = aws_session(
         region=args.get('region'),
@@ -409,6 +444,8 @@ def main():
             return_results(stop_logging(args))
         if command == 'aws-cloudtrail-lookup-events':
             return_results(lookup_events(args))
+        if command == 'aws-cloudtrail-get-trail-status':
+            return_results(get_trail_status(args))
 
     except Exception as e:
         err = "Error has occurred in the AWS CloudTrail Integration."
@@ -419,3 +456,5 @@ def main():
 
 if __name__ in ["__builtin__", "builtins", "__main__"]:
     main()
+
+register_module_line('AWS - CloudTrail', 'end', __line__())

Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail.yml

@@ -371,9 +371,60 @@ script:
     - contextPath: AWS.CloudTrail.Events.CloudTrailEvent
       description: A JSON string that contains a representation of the event returned.
       type: string
-  dockerimage: demisto/boto3py3:1.0.0.88114
+  - arguments:
+    - description: Specifies the names of multiple trails.
+      name: trailNameList
+    - description: Specifies the region of the trail.
+      name: region
+      required: true
+    - description: The The Amazon Resource Name (ARN) of the role to assume.
+      name: roleArn
+    - description: An identifier for the assumed role session.
+      name: roleSessionName
+    - description: The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.
+      name: roleSessionDuration
+    - description: Specifies the name of the trail.
+      name: name
+      required: true
+    description: Returns a JSON-formatted list of information about the specified trail. Fields include information on delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail.
+    name: aws-cloudtrail-get-trail-status
+    outputs:
+    - contextPath: AWS.CloudTrail.TrailStatus.IsLogging
+      description: Whether the CloudTrail trail is currently logging Amazon Web Services API calls.
+      type: boolean
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDeliveryError
+      description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver log files to the designated bucket.
+      type: string
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestNotificationError
+      description: Displays any Amazon SNS error that CloudTrail encountered when attempting to send a notification.
+      type: string
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDeliveryTime
+      description: Specifies the date and time that CloudTrail last delivered log files to an account’s Amazon S3 bucket.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestNotificationTime
+      description: Specifies the date and time of the most recent Amazon SNS notification that CloudTrail has written a new log file to an account’s Amazon S3 bucket.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.StartLoggingTime
+      description: Specifies the most recent date and time when CloudTrail started recording API calls for an Amazon Web Services account.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.StopLoggingTime
+      description: Specifies the most recent date and time when CloudTrail stopped recording API calls for an Amazon Web Services account.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryError
+      description: Displays any CloudWatch Logs error that CloudTrail encountered when attempting to deliver logs to CloudWatch Logs.
+      type: string
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestCloudWatchLogsDeliveryTime
+      description: Displays the most recent date and time when CloudTrail delivered logs to CloudWatch Logs.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDigestDeliveryTime
+      description: Specifies the date and time that CloudTrail last delivered a digest file to an account’s Amazon S3 bucket.
+      type: date
+    - contextPath: AWS.CloudTrail.TrailStatus.LatestDigestDeliveryError
+      description: Displays any Amazon S3 error that CloudTrail encountered when attempting to deliver a digest file to the designated bucket.
+      type: string
+  dockerimage: demisto/boto3py3:1.0.0.89465
   runonce: false
-  script: '-'
+  script: ''
   subtype: python3
   type: python
 tests:

Packs/AWS-CloudTrail/Integrations/AWS-CloudTrail/AWS-CloudTrail_description.md

@@ -11,4 +11,4 @@ on your AWS environment.
 - Attach a Role to the Instance Profile.
 - Configure the Necessary IAM Roles that the AWS Integration Can Assume.
 
-For detailed instructions, see the [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).
+For detailed instructions, see the [AWS Integrations - Authentication](https://xsoar.pan.dev/docs/reference/articles/aws-integrations---authentication).