AWS > Cloudwatch >

CloudWatch Monitoring Metrics

MEDIUM

Source

CloudSploit

ID

cloudwatch-monitoring-metrics

management console

CloudWatch Monitoring Metrics

Ensures metric filters are setup for CloudWatch logs to detect security risks from CloudTrail.

Sending CloudTrail logs to CloudWatch is only useful if metrics are setup to detect risky activity from those logs. There are numerous metrics that should be used. For the exact filter patterns, please see this plugin on GitHub: https://github.com/cloudsploit/scans/blob/master/plugins/aws/cloudwatchlogs/monitoringMetrics.js

Recommended Actions

Enable metric filters to detect malicious activity in CloudTrail logs sent to CloudWatch.

Links

http://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.

Copyright © 2024 Aqua Security Software Ltd. Privacy Policy | Terms of Use