AWS-CIS-alert
Control of CIS v1.2.0
Monitoring
- Ensure a log metric filter and alarm exist for unauthorized API calls
- Ensure a log metric filter and alarm exist for Management Console sign-in without MFA : Console-slack
- Ensure a log metric filter and alarm exist for usage of "root" account : Console-slack
- Ensure a log metric filter and alarm exist for IAM policy changes
- Ensure a log metric filter and alarm exist for CloudTrail configuration changes : TBD
- Ensure a log metric filter and alarm exist for AWS Management Console authentication failures : Console-slack
- Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs : TBD
- Ensure a log metric filter and alarm exist for S3 bucket policy changes : S3-slack
- Ensure a log metric filter and alarm exist for AWS Config configuration changes : TBD
- Ensure a log metric filter and alarm exist for security group changes : AWS Security Blog
- Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) : Networking-slack
- Ensure a log metric filter and alarm exist for changes to network gateways : Networking-slack
- Ensure a log metric filter and alarm exist for route table changes : Networking-slack
- Ensure a log metric filter and alarm exist for VPC change : Networking-slack
Additional alert
GuardDuty : It can cover multiple controls and enhance the security of AWS account : Guardduty-slack SecurityHub : Provide multiple security service and 3rd-party service. TBD AWS Health: The availability monitor of AWS account resource : Health-slack