💼 4 Monitoring

  • Contextual name: 💼 4 Monitoring
  • ID: /frameworks/cis-aws-v1.5.0/04
  • Located in: 💼 CIS AWS v1.5.0

Description

This section contains recommendations for configuring AWS to assist with monitoring and responding to account activities.

Metric filter-related recommendations in this section depend on the "Ensure CloudTrail is enabled in all regions" and "Ensure CloudTrail trails are integrated with CloudWatch Logs" recommendations in the "Logging" section.

Similar

  • Internal
    • ID: dec-b-1f70dc51

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 4.1 Ensure a log metric filter and alarm exist for unauthorized API calls - Level 1 (Automated) 1
💼 4.2 Ensure a log metric filter and alarm exist for Management Console sign-in without MFA - Level 1 (Automated) 1
💼 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - Level 1 (Automated) 1
💼 4.4 Ensure a log metric filter and alarm exist for IAM policy changes - Level 1 (Automated) 1
💼 4.5 Ensure a log metric filter and alarm exist for CloudTrail configuration changes - Level 1 (Automated) 1
💼 4.6 Ensure a log metric filter and alarm exist for AWS Management Console authentication failures - Level 2 (Automated) 1
💼 4.7 Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs - Level 2 (Automated) 1
💼 4.8 Ensure a log metric filter and alarm exist for S3 bucket policy changes - Level 1 (Automated) 1
💼 4.9 Ensure a log metric filter and alarm exist for AWS Config configuration changes - Level 2 (Automated) 1
💼 4.10 Ensure a log metric filter and alarm exist for security group changes - Level 2 (Automated) 1
💼 4.11 Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) - Level 2 (Automated) 1
💼 4.12 Ensure a log metric filter and alarm exist for changes to network gateways - Level 1 (Automated) 1
💼 4.13 Ensure a log metric filter and alarm exist for route table changes - Level 1 (Automated) 1
💼 4.14 Ensure a log metric filter and alarm exist for VPC changes - Level 1 (Automated) 1
💼 4.15 Ensure a log metric filter and alarm exists for AWS Organizations changes - Level 1 (Automated) 1
💼 4.16 Ensure AWS Security Hub is enabled - Level 2 (Automated) 11