
💼 4 Monitoring

  • Contextual name: 💼 4 Monitoring
  • ID: /frameworks/cis-aws-v1.3.0/04
  • Located in: 💼 CIS AWS v1.3.0

Description

For effectiveness and coverage of the recommended metric filters and alarms, recommendations in Section 3 should be implemented on the multi-region CloudTrail referred to in 'Ensure CloudTrail is enabled in all regions'. Updated Overview should look like:

This section contains recommendations for configuring AWS to assist with monitoring and responding to account activities. Metric filter-related recommendations in this section are dependent on the 'Ensure CloudTrail is enabled in all regions' and 'Ensure CloudTrail trails are integrated with CloudWatch Logs' recommendations in the "Logging" section. Additionally, step 3 of the remediation procedure for the same recommendations provides guidance for establishing an email-based subscription ('--protocol email'). This is provided as an example and is not meant to suggest other protocols provide lesser value.

Similar

  • Internal
    • ID: dec-b-fdb188f4

Sub Sections

Section    Sub Sections    Internal Rules    Policies    Flags
💼 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls    1
💼 4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA    1
💼 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account    1
💼 4.4 Ensure a log metric filter and alarm exist for IAM policy changes    1
💼 4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes    1
💼 4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures    1
💼 4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs    1
💼 4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes    1
💼 4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes    1
💼 4.10 Ensure a log metric filter and alarm exist for security group changes    1
💼 4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL)    1
💼 4.12 Ensure a log metric filter and alarm exist for changes to network gateways    1
💼 4.13 Ensure a log metric filter and alarm exist for route table changes    1
💼 4.14 Ensure a log metric filter and alarm exist for VPC changes    1
💼 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes    1