Ensure a Log Metric Filter and Alarm Exist for Changes to Network Gateways Rule

This rule ensures the presence of a log metric filter and alarm for network gateway changes.

Rule	Ensure a log metric filter and alarm exist for changes to network gateways
Framework	General Data Protection Regulation (GDPR)
Severity	✔ Low

Rule Description:

This rule ensures that there is a log metric filter and alarm set up to track any changes made to network gateways in compliance with the General Data Protection Regulation (GDPR). This regulation requires organizations to monitor and record any modifications to network gateways to ensure the security and privacy of personal data.

Troubleshooting Steps:

If the log metric filter or alarm is not set up, it may indicate that the organization is not effectively monitoring changes to network gateways for GDPR compliance.
Verify that the AWS CloudWatch service is enabled and properly configured.
Check if the appropriate IAM roles and permissions are in place to create log metric filters and alarms.
Review the log metric filter and alarm filter patterns to ensure they accurately capture changes to network gateways.

Necessary Codes:

1.
AWS CLI command to create a log metric filter:

aws logs put-metric-filter \
    --log-group-name <log-group-name> \
    --filter-name <filter-name> \
    --filter-pattern <filter-pattern> \
    --metric-transformations \
        metricName=<metric-name>,metricNamespace=<metric-namespace>,metricValue=1 \
    --region <region>

1.
AWS CLI command to create an alarm for the log metric filter:

aws cloudwatch put-metric-alarm \
    --alarm-name <alarm-name> \
    --alarm-description <alarm-description> \
    --namespace <metric-namespace> \
    --metric-name <metric-name> \
    --statistic Sum \
    --period <alarm-period> \
    --threshold <alarm-threshold> \
    --comparison-operator GreaterThanOrEqualToThreshold \
    --evaluation-periods <evaluation-periods> \
    --alarm-actions <alarm-actions> \
    --dimensions Name=<dimension-name>,Value=<dimension-value> \
    --region <region>

Step by Step Guide for Remediation:

Follow the steps below to remediate the issue and ensure the presence of a log metric filter and alarm for changes to network gateways in compliance with GDPR:

Step 1: Create a Log Metric Filter

1.

Open the AWS Command Line Interface (CLI) or a terminal with AWS CLI installed.

2.

Execute the following command, replacing the placeholders with appropriate values:

aws logs put-metric-filter \
    --log-group-name <log-group-name> \
    --filter-name <filter-name> \
    --filter-pattern <filter-pattern> \
    --metric-transformations \
        metricName=<metric-name>,metricNamespace=<metric-namespace>,metricValue=1 \
    --region <region>

```
<log-group-name>
```
: Specify the name of the log group to which the metric filter should be applied.
```
<filter-name>
```
: Provide a meaningful name for the log metric filter.
```
<filter-pattern>
```
: Define the filter pattern to match changes to network gateways.
```
<metric-name>
```
: Choose a name for the metric that will be generated.
```
<metric-namespace>
```
: Specify the namespace for the metric.
```
<region>
```
: Provide the AWS region where the metric filter should be created.

1.
Verify that the log metric filter has been successfully created.

Step 2: Create an Alarm for the Log Metric Filter

1.
Execute the following command, replacing the placeholders with appropriate values:

aws cloudwatch put-metric-alarm \
    --alarm-name <alarm-name> \
    --alarm-description <alarm-description> \
    --namespace <metric-namespace> \
    --metric-name <metric-name> \
    --statistic Sum \
    --period <alarm-period> \
    --threshold <alarm-threshold> \
    --comparison-operator GreaterThanOrEqualToThreshold \
    --evaluation-periods <evaluation-periods> \
    --alarm-actions <alarm-actions> \
    --dimensions Name=<dimension-name>,Value=<dimension-value> \
    --region <region>

```
<alarm-name>
```
: Specify a meaningful name for the alarm.
```
<alarm-description>
```
: Provide a brief description of the alarm.
```
<metric-namespace>
```
: Specify the namespace for the metric used in the alarm.
```
<metric-name>
```
: Choose the same metric name used in the log metric filter.
```
<alarm-period>
```
: Define the time period over which the alarm will be evaluated.
```
<alarm-threshold>
```
: Set the threshold value for triggering the alarm.
```
<evaluation-periods>
```
: Specify the number of consecutive periods the metric must be above the threshold to trigger the alarm.
```
<alarm-actions>
```
: Provide the actions to be taken when the alarm state changes (e.g., sending notifications).
```
<dimension-name>
```
: Specify the name of the dimension for the alarm.
```
<dimension-value>
```
: Provide the value of the dimension used in the alarm.
```
<region>
```
: Provide the AWS region where the alarm should be created.

1.
Verify that the alarm has been successfully created.

Conclusion:

By following these steps, you can ensure that a log metric filter and alarm are set up for changes to network gateways in compliance with GDPR. This allows organizations to maintain transparency, security, and accountability regarding modifications made to network gateways containing personal data.

Ensure a Log Metric Filter and Alarm Exist for Changes to Network Gateways Rule

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 1: Create a Log Metric Filter

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step 2: Create an Alarm for the Log Metric Filter

Is your System Free of Underlying Vulnerabilities? Find Out Now

Step 1: Create a Log Metric Filter

Step 2: Create an Alarm for the Log Metric Filter

Is your System Free of Underlying Vulnerabilities?
Find Out Now