Skip to main content

💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)

Contextual name: 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)
ID: /frameworks/cis-aws-v3.0.0/04/03
Located in: 💼 4 Monitoring

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs, or an external Security information and event management (SIEM) environment, and establishing corresponding metric filters and alarms.

It is recommended that a metric filter and alarm be established for 'root' login attempts to detect the unauthorized use, or attempts to use the root account.

Similar

Sections
- /frameworks/cis-aws-v4.0.0/04/03
- /frameworks/cis-aws-v2.0.0/04/03
Internal
- ID: dec-c-f6380140

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v2.0.0 → 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)			1
💼 CIS AWS v4.0.0 → 💼 4.3 Ensure usage of the 'root' account is monitored (Manual)			1

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 CIS AWS v2.0.0 → 💼 4.3 Ensure usage of 'root' account is monitored - Level 1 (Manual)			1
💼 CIS AWS v4.0.0 → 💼 4.3 Ensure usage of the 'root' account is monitored (Manual)			1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (1)

Policy	Logic Count	Flags
📝 AWS CloudTrail Root Account Usage Monitoring is not enabled 🟢		🟢 x3

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections
Policies (1)