CloudWatch
Caligo provides the following security rules for AWS CloudWatch:
Log metric filter and alarm should exist for AWS Management Console authentication failures
Log metric filter and alarm should exist for S3 bucket policy changes
Log metric filter and alarm should exist for CloudTrail configuration changes
Log metric filter and alarm should exist for disabling or scheduling deletion of KMS CMKs
Log metric filter and alarm should exist for AWS Config configuration changes
Log metric filter and alarm should exist for IAM policy changes
Log metric filter and alarm should exist for Network Access Control List (NACL) changes
Log metric filter and alarm should exist for network gateway changes
Log metric filter and alarm should exist for AWS Organization changes
Log metric filter and alarm should exist for usage of the root account
Log metric filter and alarm should exist for route table changes
Log metric filter and alarm should exist for security group changes
Log metric filter and alarm should exist for management console sign in without MFA
Log metric filter and alarm should exist for unauthorized API calls
Log metric filter and alarm should exist for VPC changes