

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended that a metric filter and alarm be established for root login attempts. Monitoring for root account logins will provide visibility into the use of a fully privileged account and an opportunity to reduce the use of it.

The steps to remediate this issue include setting up an Amazon SNS topic, a metric filter, and an alarm for the metric filter.

1. Create an Amazon SNS topic that receives all CIS alarms.
2. Create at least one subscriber to the topic.
3. Set up an active CloudTrail that applies to all Regions. To do so, follow the remediation steps in CIS 3.1 – Ensure CloudTrail is enabled in all Regions.
4. Make a note of the associated log group name.
5. Open the CloudWatch console.
6. In the navigation pane, choose Log groups.
7. Select the check box for the log group that you made a note of in the previous step (4).
8. From Actions, choose Create Metric Filter.
9. Copy the following pattern and then paste it into the Filter Pattern field.
10. In Filter name, enter a name for your metric filter.
11. For Metric namespace, enter CISBenchmark. You can use the same namespace for all of your CIS log metric filters.
12. For Metric name, enter a name for the metric. The name of the metric is required to create the alarm.
13. Under Review and create, review the details and choose Create metric filter.
14. Choose the Metric filters tab, select the metric filter that you just created. To choose the metric filter, select the check box at the upper right.
15. Follow the steps provided in Create an alarm.
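
As an added example (not part of the original page and not AWS's own code), the Python below mirrors the three conditions of the root-usage filter pattern so the logic can be checked against CloudTrail records before the metric filter is created. The pattern string is the one published in the CIS AWS Foundations Benchmark and is an assumption here, since it does not appear on this page; the sample records and function names are constructed.

```python
import json

# Filter pattern published in the CIS AWS Foundations Benchmark for root usage.
# Assumption: quoted from the benchmark; it is not reproduced on this page.
ROOT_USAGE_PATTERN = (
    '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
    '&& $.eventType != "AwsServiceEvent" }'
)

# Constructed CloudTrail records, trimmed to the fields the pattern reads.
SAMPLE_LOG_LINES = [
    '{"eventName": "ConsoleLogin", "eventType": "AwsConsoleSignIn", "userIdentity": {"type": "Root"}}',
    '{"eventName": "ListBuckets", "eventType": "AwsApiCall", "userIdentity": {"type": "Root"}}',
    '{"eventName": "ListBuckets", "eventType": "AwsApiCall", "userIdentity": {"type": "IAMUser", "userName": "alice"}}',
    '{"eventName": "Decrypt", "eventType": "AwsApiCall", "userIdentity": {"type": "Root", "invokedBy": "example-service.amazonaws.com"}}',
    '{"eventName": "ExampleServiceAction", "eventType": "AwsServiceEvent", "userIdentity": {"type": "Root"}}',
    'not-json',
]


def matches_root_usage(event):
    """Return True when one CloudTrail record satisfies all three conditions."""
    identity = event.get("userIdentity")
    if not isinstance(identity, dict):
        return False
    return (
        identity.get("type") == "Root"          # acted as the root user
        and "invokedBy" not in identity         # not a service acting on its behalf
        and event.get("eventType") != "AwsServiceEvent"  # not service-generated
    )


def root_usage_events(lines):
    """Return the eventName of every record that would increment the metric."""
    hits = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not JSON records
        if isinstance(event, dict) and matches_root_usage(event):
            hits.append(event.get("eventName"))
    return hits


if __name__ == "__main__":
    hits = root_usage_events(SAMPLE_LOG_LINES)
    print(ROOT_USAGE_PATTERN)
    print(f"metric value: {len(hits)} -> {hits}")
```

Of the constructed records, only the two direct root actions count toward the metric; the IAM user call, the service-invoked call, and the service event are excluded.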
