Skip to main content

💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)

Contextual name: 💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)
ID: /frameworks/cis-aws-v2.0.0/04/10
Located in: 💼 4 Monitoring

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs, or an external Security information and event management (SIEM) environment, and establishing corresponding metric filters and alarms. Security Groups are a stateful packet filter that controls ingress and egress traffic within a VPC.

It is recommended that a metric filter and alarm be established for detecting changes to Security Groups.

Similar

Sections
- /frameworks/cis-aws-v3.0.0/04/10
- /frameworks/cis-aws-v1.5.0/04/10
Internal
- ID: dec-c-ce4b2c28

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v1.5.0 → 💼 4.10 Ensure a log metric filter and alarm exist for security group changes - Level 2 (Automated)			1
💼 CIS AWS v3.0.0 → 💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v1.5.0 → 💼 4.10 Ensure a log metric filter and alarm exist for security group changes - Level 2 (Automated)			1
💼 CIS AWS v3.0.0 → 💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS CloudTrail Security Group Changes Monitoring is not enabled 🟢		🟢 x3

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
Policies (1)