Ensure a Log Metric Filter Rule for Unauthorized API Calls

This rule ensures a log metric filter and alarm exist for unauthorized API calls.

Rule: Ensure a log metric filter and alarm exist for unauthorized API calls
Framework: General Data Protection Regulation (GDPR)
Severity: Low

Rule Description:

The rule ensures that a log metric filter and alarm are in place to monitor unauthorized API calls for compliance with the General Data Protection Regulation (GDPR). This is essential to maintain the security and privacy of personal data within an organization.

Troubleshooting Steps:

  1. Check if the required log metric filter and alarm are already configured.
  2. Verify the log sources and log streams are correctly configured.
  3. Ensure the appropriate permissions are granted to access and modify the log metric filter and alarm settings.
  4. Review the existing filter pattern to ensure it captures unauthorized API calls accurately.
  5. Verify if the alarm threshold and actions are correctly configured.

Necessary Code:

No specific code is required for this rule. However, the following AWS CloudWatch Logs filter pattern can be used as a starting point for monitoring unauthorized API calls:

{ $.errorCode = "*UnauthorizedOperation" }
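An offline check for troubleshooting step 4, added here as an example and not CloudDefense's or AWS's own code: it applies the pattern above to a handful of log records and reports which error codes the metric would and would not count. The matcher is a simplified approximation of the CloudWatch Logs `*` wildcard for this one pattern shape, and the records are constructed; they include an `AccessDenied` error code, which this pattern does not count.

```python
import json
import re

# Starting-point filter pattern quoted on this page.
PAGE_PATTERN = '{ $.errorCode = "*UnauthorizedOperation" }'

# Constructed CloudTrail-style records for illustration (not real log data).
SAMPLE_EVENTS = [
    '{"eventName": "RunInstances", "errorCode": "Client.UnauthorizedOperation"}',
    '{"eventName": "StopInstances", "errorCode": "Client.UnauthorizedOperation"}',
    '{"eventName": "GetObject", "errorCode": "AccessDenied"}',
    '{"eventName": "DescribeInstances"}',
    'not-json health check line',
]

def parse_pattern(pattern):
    """Parse a single-term pattern shaped like { $.field = "value" }."""
    m = re.fullmatch(r'\{\s*\$\.(\w+)\s*=\s*"([^"]*)"\s*\}', pattern.strip())
    if m is None:
        raise ValueError(f"unsupported pattern: {pattern}")
    field, value = m.groups()
    # Treat '*' as the only wildcard; every other character is literal.
    regex = ".*".join(re.escape(part) for part in value.split("*"))
    return field, re.compile(regex)

def load(raw_event):
    """Return the record as a dict, or None for lines that are not JSON objects."""
    try:
        event = json.loads(raw_event)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None

def matched_count(pattern, raw_events):
    """Number of records the filter would count (metric value 1 per match)."""
    field, regex = parse_pattern(pattern)
    events = [e for e in map(load, raw_events) if e is not None]
    return sum(1 for e in events
               if isinstance(e.get(field), str) and regex.fullmatch(e[field]))

def uncounted_values(pattern, raw_events):
    """Values of the pattern's field that occur in the sample but are not counted."""
    field, regex = parse_pattern(pattern)
    seen = {e[field] for e in map(load, raw_events)
            if e is not None and isinstance(e.get(field), str)}
    return sorted(v for v in seen if not regex.fullmatch(v))

if __name__ == "__main__":
    print(matched_count(PAGE_PATTERN, SAMPLE_EVENTS),
          uncounted_values(PAGE_PATTERN, SAMPLE_EVENTS))
```

Running the same functions over an export of your own log group shows which error codes the alarm metric would never see before you rely on it.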

Step-by-Step Guide for Remediation:

  1. Log in to the AWS Management Console.
  2. Navigate to the CloudWatch service.
  3. Click on "Log Groups" from the left-hand sidebar.
  4. Select the appropriate log group where API access logs are stored.
  5. Click on "Create Metric Filter".
  6. In the "Filter Pattern" section, enter the filter pattern mentioned above.
  7. Click on "Assign metric".
  8. Specify a name and namespace for the metric filter.
  9. Choose a metric value like "1" to indicate unauthorized API calls.
  10. Click on "Create filter".
  11. Go back to the CloudWatch console and navigate to "Alarms" from the sidebar.
  12. Click on "Create alarm".
  13. In the "Create Alarm" wizard, choose "Select metric".
  14. Search and select the metric associated with the log filter created previously.
  15. Specify the alarm threshold based on the desired conditions for triggering the alarm.
  16. Configure the actions to be taken when the alarm is triggered (e.g., sending an email notification).
  17. Click on "Create alarm" to save the configuration.

Once the log metric filter and alarm are created, any unauthorized API calls will trigger the alarm, allowing immediate action to be taken to investigate and mitigate potential risks in compliance with GDPR guidelines.
