Skip to main content

πŸ’Ό 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)

  • Contextual name: πŸ’Ό 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)
  • ID: /frameworks/cis-aws-v2.0.0/04/03
  • Located in: πŸ’Ό 4 Monitoring

Description​

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs, or an external Security information and event management (SIEM) environment, and establishing corresponding metric filters and alarms.

It is recommended that a metric filter and alarm be established for 'root' login attempts to detect the unauthorized use, or attempts to use the root account.

Similar​

  • Sections
    • /frameworks/cis-aws-v3.0.0/04/03
    • /frameworks/cis-aws-v1.5.0/04/03
  • Internal
    • ID: dec-c-a130c635

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS AWS v1.5.0 β†’ πŸ’Ό 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - Level 1 (Automated)1
πŸ’Ό CIS AWS v3.0.0 β†’ πŸ’Ό 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)1

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS AWS v1.5.0 β†’ πŸ’Ό 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - Level 1 (Automated)1
πŸ’Ό CIS AWS v3.0.0 β†’ πŸ’Ό 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)1

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (1)​

PolicyLogic CountFlags
πŸ“ AWS CloudTrail Root Account Usage Monitoring is not enabled 🟒🟒 x3