AWS and Cloudanix team co-authored this blog: Real-Time Threat and Anomaly Detection for Workloads on AWS

Cloudanix

AWS Cloudwatch Audit

CloudWatch Events should be used to help you respond to operational changes within your AWS resources.

AWS CloudWatch Events Should Be Used

CloudWatch Events should be used to help you respond to operational changes within your AWS resources.

AWS Config Changes Alarm

AWS Config configuration changes should be monitored using CloudWatch alarms.

AWS Console Sign In Without MFA Should Be Monitored

AWS Console Sign-In Requests Without MFA should be monitored using CloudWatch Events.

AWS Organizations Changes Alarm

Amazon Organizations changes should be monitored using AWS CloudWatch alarms.

Authorization Failures Alarm

Any unauthorized API calls made within your AWS account should be monitored using CloudWatch alarms.

CMK Disabled or Scheduled for Deletion Alarm

AWS CMK configuration changes should be monitored using CloudWatch alarms.

CloudTrail Changes Alarm

Aall AWS CloudTrail configuration changes should be monitored using CloudWatch alarms.

Console Sign-in Failures Alarm

Your AWS Console authentication process should be monitored using CloudWatch alarms.

EC2 Instance Changes Alarm

AWS EC2 instance changes should be monitored using CloudWatch alarms.

EC2 Large Instance Changes Alarm

AWS EC2 large instance changes should be monitored using CloudWatch alarms.

IAM Policy Changes Alarm

AWS IAM policy configuration changes should be monitored using CloudWatch alarms.

Internet Gateway Changes Alarm

AWS VPC Customer/Internet Gateway configuration changes should be monitored using CloudWatch alarms.

Network ACL Changes Alarm

AWS Network ACLs configuration changes should be monitored using CloudWatch alarms.

Root Account Usage Alarm

Root Account Usage should be monitored using CloudWatch alarms.

Route Table Changes Alarm

AWS Route Tables configuration changes should be monitored using CloudWatch alarms.

S3 Bucket Changes Alarm

AWS S3 Buckets configuration changes should be monitored using CloudWatch alarms.

Security Group Changes Alarm

AWS security groups configuration changes should be monitored using CloudWatch alarms.

VPC Changes Alarm

AWS VPCs configuration changes should be monitored using CloudWatch alarms.

Event Bus Should Not Be Exposed

Your AWS CloudWatch event bus should not be exposed to everyone.

EventBus Should Not Allow Cross Account Access

AWS CloudWatch event buses should not allow unknown cross-account access for delivery of events.

CloudWatch Alarm for VPC Flow Logs Metric Filter

A CloudWatch alarm should be created for the VPC Flow Logs metric filter and an alarm action should be configured.

Metric Filter for VPC Flow Logs CloudWatch Log Group

A log metric filter for the CloudWatch group assigned to the VPC Flow Logs should be created.

Ready to see your graph?

Connect a cloud account in under 30 minutes. See every finding rooted in identity, asset, and blast radius — with a fix path attached.

Book a Demo

CLOUDANIX

Insights from Cloudanix

Explore guides, checklists, and blogs that simplify cloud security and help you secure your infrastructure.