This rule ensures the presence of a log metric filter for unauthorized API calls.
Rule | Ensure a log metric filter and alarm exist for unauthorized API calls |
Framework | cis_v130 |
Severity | ✔ Low |
Rule Description:
To maintain the security of the system and prevent unauthorized access, it is important to have a log metric filter and alarm in place for unauthorized API calls. This rule is specific to CIS benchmark version 1.3.0 (cis_v130).
Troubleshooting Steps:
Necessary Codes:
No necessary codes provided for this rule.
Remediation Steps:
Creating Log Metric Filter:
{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }
Creating Alarm:
Note:
Ensure that the alarm has appropriate actions, such as notifications or automated remediation steps, to be taken when it is triggered. Additionally, it is recommended to periodically review the effectiveness of the log metric filter and alarm and adjust them as needed to improve accuracy.
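
The two remediation steps above written as AWS CLI calls. This is an added example, not part of the original rule text. The log group, metric, namespace, alarm and SNS topic names are placeholder assumptions, as are the 300-second period and the threshold of 1. The script prints the commands by default and executes them only when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. Every name below is a placeholder assumption; set them for your account.
LOG_GROUP="${LOG_GROUP:-<cloudtrail_log_group_name>}"
METRIC_NAME="${METRIC_NAME:-UnauthorizedAPICalls}"
NAMESPACE="${NAMESPACE:-CISBenchmark}"
ALARM_NAME="${ALARM_NAME:-unauthorized-api-calls}"
SNS_TOPIC_ARN="${SNS_TOPIC_ARN:-<sns_topic_arn>}"

# Filter pattern from the remediation step above (JSON pattern syntax: one { ... } group).
FILTER_PATTERN='{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }'

# Print the command unless APPLY=1, so the script is safe to run without credentials.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Step 1: count each matching CloudTrail event as 1 in a CloudWatch metric.
create_metric_filter() {
  run aws logs put-metric-filter \
    --log-group-name "$LOG_GROUP" \
    --filter-name "$METRIC_NAME" \
    --filter-pattern "$FILTER_PATTERN" \
    --metric-transformations \
      "metricName=$METRIC_NAME,metricNamespace=$NAMESPACE,metricValue=1"
}

# Step 2: alarm when at least one match occurs in a 5-minute period; notify via SNS.
create_alarm() {
  run aws cloudwatch put-metric-alarm \
    --alarm-name "$ALARM_NAME" \
    --namespace "$NAMESPACE" --metric-name "$METRIC_NAME" \
    --statistic Sum --period 300 --evaluation-periods 1 \
    --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold \
    --alarm-actions "$SNS_TOPIC_ARN"
}

# Step 3: read-only check that an alarm is attached to the metric.
verify_alarm() {
  run aws cloudwatch describe-alarms-for-metric \
    --namespace "$NAMESPACE" --metric-name "$METRIC_NAME"
}

create_metric_filter
create_alarm
verify_alarm
```

The metric name and namespace passed to `put-metric-alarm` must match the `--metric-transformations` values exactly, otherwise the alarm watches a metric that never receives data.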