💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)

ID: /frameworks/cis-aws-v3.0.0/04/03

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs, or an external Security information and event management (SIEM) environment, and establishing corresponding metric filters and alarms.

It is recommended that a metric filter and alarm be established for 'root' login attempts to detect the unauthorized use, or attempts to use the root account.

Similar

Sections
- /frameworks/cis-aws-v4.0.0/04/03
- /frameworks/cis-aws-v2.0.0/04/03
Internal
- ID: dec-c-f6380140

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v2.0.0 → 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)			1		no data
💼 CIS AWS v4.0.0 → 💼 4.3 Ensure usage of the 'root' account is monitored (Manual)			1		no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS AWS v2.0.0 → 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)			1		no data
💼 CIS AWS v4.0.0 → 💼 4.3 Ensure usage of the 'root' account is monitored (Manual)			1		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS CloudTrail Root Account Usage Monitoring is not enabled🟢⚪		🟢 x2, ⚪ x1	no data

Description​

Similar​

Similar Sections (Take Policies From)​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​