From dd0ef8c0b4e2a6eac4b1a22742ca540b69cdd3e5 Mon Sep 17 00:00:00 2001
From: Nimrod Kor
Date: Wed, 29 Apr 2020 21:39:00 +0300
Subject: [PATCH] If no local cloudtrail trail is found - check org trail
---
 checks/check21 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/checks/check21 b/checks/check21
index ba297461..d354bad5 100644
--- a/checks/check21
+++ b/checks/check21
@@ -35,6 +35,11 @@ check21(){
 done
 if [[ $trail_count == 0 ]]; then
- textFail "No CloudTrail trails were found in the account"
+ ORG_TRAIL=$($AWSCLI cloudtrail describe-trails $PROFILE_OPT --region us-east-1 | jq '.trailList[] | select(.IsMultiRegionTrail and .IsOrganizationTrail) | .Name' | sed 's/"//g')
+ if [[ $ORG_TRAIL != "" ]]; then
+ textPass "$ORG_TRAIL trail in $regx is enabled for all regions"
+ else
+ textFail "No CloudTrail trails were found in the account"
+ fi
 fi
 }
\ No newline at end of file
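Review bot: The new `textPass` branch reports compliance from trail metadata alone: `select(.IsMultiRegionTrail and .IsOrganizationTrail)` shows that an organization trail is configured, not that it is recording, so an org trail whose logging has been stopped would still pass this check. Before passing, confirm the trail is active, for example by requiring `IsLogging` to be true from `$AWSCLI cloudtrail get-trail-status $PROFILE_OPT --region us-east-1 --name "$ORG_TRAIL"` (the trail ARN may be needed instead of the name when run from a member account). The message also interpolates `$regx`, which appears to be the loop variable of the `for` that ends at `done` above the hunk (check21's body starts outside it), so it would print whichever region was iterated last rather than the `us-east-1` that was queried; and if several trails match, `$ORG_TRAIL` holds several names and both the message and any follow-up call need a per-trail loop. `jq -r` would make the `| sed 's/"//g'` step unnecessary.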