CloudWatch

Caligo provides the following security rules for AWS CloudWatch:

  • Log metric filter and alarm should exist for AWS Management Console authentication failures

  • Log metric filter and alarm should exist for S3 bucket policy changes

  • Log metric filter and alarm should exist for CloudTrail configuration changes

  • Log metric filter and alarm should exist for disabling or scheduling deletion of KMS CMKs

  • Log metric filter and alarm should exist for AWS Config configuration changes

  • Log metric filter and alarm should exist for IAM policy changes

  • Log metric filter and alarm should exist for Network Access Control List (NACL) changes

  • Log metric filter and alarm should exist for network gateway changes

  • Log metric filter and alarm should exist for AWS Organization changes

  • Log metric filter and alarm should exist for usage of the root account

  • Log metric filter and alarm should exist for route table changes

  • Log metric filter and alarm should exist for security group changes

  • Log metric filter and alarm should exist for Management Console sign-in without MFA

  • Log metric filter and alarm should exist for unauthorized API calls

  • Log metric filter and alarm should exist for VPC changes
