💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)

ID: /frameworks/cis-aws-v2.0.0/04/03

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs, or an external Security information and event management (SIEM) environment, and establishing corresponding metric filters and alarms.

It is recommended that a metric filter and alarm be established for 'root' login attempts to detect the unauthorized use, or attempts to use the root account.

Similar

Sections
- /frameworks/cis-aws-v3.0.0/04/03
- /frameworks/cis-aws-v1.5.0/04/03
Internal
- ID: dec-c-a130c635

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.5.0 → 💼 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - Level 1 (Automated)			1		no data
💼 CIS AWS v3.0.0 → 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.5.0 → 💼 4.3 Ensure a log metric filter and alarm exist for usage of 'root' account - Level 1 (Automated)			1		no data
💼 CIS AWS v3.0.0 → 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Root Account Usage Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​