💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)

ID: /frameworks/cis-aws-v2.0.0/04/10

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs, or an external Security information and event management (SIEM) environment, and establishing corresponding metric filters and alarms. Security Groups are a stateful packet filter that controls ingress and egress traffic within a VPC.

It is recommended that a metric filter and alarm be established for detecting changes to Security Groups.

Similar

Sections
- /frameworks/cis-aws-v3.0.0/04/10
- /frameworks/cis-aws-v1.5.0/04/10
Internal
- ID: dec-c-ce4b2c28

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.5.0 → 💼 4.10 Ensure a log metric filter and alarm exist for security group changes - Level 2 (Automated)			1		no data
💼 CIS AWS v3.0.0 → 💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v1.5.0 → 💼 4.10 Ensure a log metric filter and alarm exist for security group changes - Level 2 (Automated)			1		no data
💼 CIS AWS v3.0.0 → 💼 4.10 Ensure security group changes are monitored - Level 2 (Manual)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Security Group Changes Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​