Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: Log Group Retention Period Requirement

This rule mandates that log group retention period must be a minimum of 365 days.

RuleLog group retention period should be at least 365 days
FrameworkNIST 800-171 Revision 2
Severity
High

Rule Description:

The rule requires the retention period for the log group to be set to a minimum of 365 days for compliance with NIST 800-171 Revision 2. This ensures that logs containing critical information are retained for an extended period, allowing for effective monitoring, analysis, and auditing.

Troubleshooting Steps:

If the log group retention period is not set to a minimum of 365 days, you may encounter compliance issues with NIST 800-171 Revision 2. Here are the troubleshooting steps to rectify this:

  1. 1.

    Verify the current retention period: Check the settings for the log group retention period to determine its current value.

  2. 2.

    Update the retention period: If the retention period is set to less than 365 days, you need to update it accordingly.

Necessary Code:

To update the retention period for a log group using AWS CLI, you can utilize the

put-retention-policy
command.

aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365

Replace

<log-group-name>
with the name of the log group you want to update.

Step-by-Step Guide for Remediation:

To set the log group retention period to at least 365 days for compliance with NIST 800-171 Revision 2, follow these steps:

  1. 1.

    Open the AWS Management Console and navigate to the Amazon CloudWatch service.

  2. 2.

    In the left navigation panel, click on "Log groups."

  3. 3.

    Search for the desired log group by using the search bar or by scrolling through the list.

  4. 4.

    Select the log group for which you want to update the retention period.

  5. 5.

    Click on the "Actions" dropdown menu and choose "Modify retention."

  6. 6.

    In the "Modify retention" dialog box, enter "365" in the field to set the retention period to 365 days.

  7. 7.

    Click on "Save" to apply the changes.

  8. 8.

    Alternatively, if you prefer using AWS CLI, open a command-line interface or AWS CLI terminal.

  9. 9.

    Execute the following command, replacing

    <log-group-name>
    with the name of the log group:

aws logs put-retention-policy --log-group-name <log-group-name> --retention-in-days 365
  1. 1.
    Verify the update by checking the log group's retention period.

By following these steps, you will ensure that the log group retention period is set to at least 365 days, maintaining compliance with NIST 800-171 Revision 2.

Is your System Free of Underlying Vulnerabilities?
Find Out Now