More Info:

A CloudWatch alarm should be created for the VPC Flow Logs metric filter and an alarm action should be configured.

Risk Level

High

Address

Security

Compliance Standards

SOC2, HIPAA, ISO27001

Triage and Remediation

Remediation

To remediate the CloudWatch alarm for the VPC Flow Logs metric filter in AWS, follow these steps:

  1. Log in to the AWS Management Console.
  2. Navigate to the CloudWatch service.
  3. Click on “Alarms” in the left-hand menu.
  4. Find the alarm for the VPC Flow Logs Metric Filter that needs to be remediated.
  5. Click on the alarm name to open the alarm details.
  6. Click on the “Actions” dropdown and select “Edit”.
  7. In the “Alarm Threshold” section, adjust the threshold to the appropriate value. This will depend on the specific metric being monitored, and the desired level of sensitivity for the alarm.
  8. Click “Next”.
  9. Review the alarm settings and click “Update Alarm” to save the changes.

Once the alarm is updated, it will trigger based on the new threshold settings.
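A read-only check for the condition this rule describes, as an added example that is not part of the original page: it takes data shaped like the CloudWatch Logs `describe_metric_filters` and CloudWatch `describe_alarms` responses and flags metric filters whose metric has no alarm, or only alarms with no enabled action. The log group, filter, metric and alarm names and the SNS ARN are constructed sample values.

```python
# Added example. Inputs mirror the response shapes of CloudWatch Logs
# describe_metric_filters ("metricFilters") and CloudWatch describe_alarms
# ("MetricAlarms"). All names and the ARN below are constructed sample values.

def audit_flow_log_alarms(metric_filters, metric_alarms):
    """Return one finding per metric emitted by each metric filter."""
    findings = []
    for mf in metric_filters:
        for t in mf.get("metricTransformations", []):
            key = (t["metricNamespace"], t["metricName"])
            # Alarms on metric math carry no top-level MetricName and are not matched here.
            alarms = [a for a in metric_alarms
                      if (a.get("Namespace"), a.get("MetricName")) == key]
            if not alarms:
                status = "NO_ALARM"
            elif not any(a.get("ActionsEnabled") and a.get("AlarmActions") for a in alarms):
                status = "NO_ALARM_ACTION"   # alarm changes state but notifies nobody
            else:
                status = "OK"
            findings.append({"filter": mf["filterName"], "status": status,
                             "alarms": [a["AlarmName"] for a in alarms]})
    return findings

def _filter(name, metric):  # builds a constructed sample metric filter
    return {"filterName": name, "logGroupName": "vpc-flow-logs",
            "metricTransformations": [{"metricNamespace": "VPCFlowLogs",
                                       "metricName": metric, "metricValue": "1"}]}

def _alarm(name, metric, actions, enabled=True):  # builds a constructed sample alarm
    return {"AlarmName": name, "Namespace": "VPCFlowLogs", "MetricName": metric,
            "ActionsEnabled": enabled, "AlarmActions": actions}

SNS = "arn:aws:sns:us-east-1:111122223333:security-alerts"  # constructed ARN
SAMPLE_FILTERS = [_filter("rejected-ssh", "RejectedSSH"),
                  _filter("rejected-rdp", "RejectedRDP"),
                  _filter("rejected-any", "RejectedAny"),
                  _filter("rejected-db", "RejectedDB")]
SAMPLE_ALARMS = [_alarm("ssh-rejects", "RejectedSSH", [SNS]),
                 _alarm("rdp-rejects", "RejectedRDP", []),
                 _alarm("db-rejects", "RejectedDB", [SNS], enabled=False)]

if __name__ == "__main__":
    for f in audit_flow_log_alarms(SAMPLE_FILTERS, SAMPLE_ALARMS):
        print(f"{f['status']:<16} {f['filter']} alarms={f['alarms']}")
```

Against a live account, the two input lists can be taken from boto3's `describe_metric_filters` (for the flow log's log group) and `describe_alarms` responses.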
