Audilitics

AWS Cloud Security Audit

AID26
Category: Security Logging and Monitoring
Audit

Logging Assessment Trails and Monitoring

Guidance

Review logging and monitoring policies and procedures for adequacy, retention, defined thresholds and secure maintenance, specifically for detecting unauthorized activity for AWS services.

Recommendations

➖ Review logging and monitoring policies and procedures and ensure they cover AWS services, including security-related events on Amazon EC2 instances.
➖ Verify that logging mechanisms are configured to send logs to a centralized server, and ensure that for Amazon EC2 instances the proper type and format of logs are retained in a similar manner as with physical systems.
➖ For customers using AWS CloudWatch, review the process and record of the use of network monitoring.
➖ Ensure analytics of events are utilized to improve defensive measures and policies.
➖ Review the AWS IAM Credential report for unauthorized users, and AWS Config and resource tagging for unauthorized devices.
➖ Confirm aggregation and correlation of event data from multiple sources using AWS services such as:
◾ VPC Flow logs to identify accepted/rejected network packets entering the VPC.
◾ AWS CloudTrail to identify authenticated and unauthenticated API calls to AWS services.
◾ ELB Logging – Load balancer logging.
◾ AWS CloudFront Logging – Logging of CDN distributions.
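
One way to carry out the IAM Credential report review recommended above, shown as an added example that is not part of the original entry. The sample report rows and the approved roster are constructed, and the function name is an assumption; the column names follow the credential report CSV layout.

```python
import csv
import io

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,true,false,false
alice,arn:aws:iam::111122223333:user/alice,2021-03-02T10:00:00+00:00,true,true,false,false
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2022-06-01T09:30:00+00:00,false,false,true,false
tmp-contractor,arn:aws:iam::111122223333:user/tmp-contractor,2024-02-11T14:05:00+00:00,true,false,true,true
old-test,arn:aws:iam::111122223333:user/old-test,2019-08-20T08:00:00+00:00,false,false,false,false
"""

# Hypothetical approved roster; in an audit this comes from the account's ownership records.
APPROVED_USERS = {"alice", "ci-deploy"}

CREDENTIAL_COLUMNS = ("password_enabled", "access_key_1_active", "access_key_2_active")


def unauthorized_users(report_csv, approved):
    """Return findings for IAM users absent from the approved roster.

    Each finding lists which credentials are still active, so users who can
    actually authenticate are separated from dormant leftovers.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>" or user in approved:
            continue  # the root row is not an IAM user; review it separately
        active = [c for c in CREDENTIAL_COLUMNS if row.get(c, "").lower() == "true"]
        findings.append({
            "user": user,
            "arn": row["arn"],
            "created": row["user_creation_time"],
            "active_credentials": active,
            "severity": "high" if active else "low",
        })
    # Users that can still log in or call the API come first.
    findings.sort(key=lambda f: (f["severity"] != "high", f["user"]))
    return findings


if __name__ == "__main__":
    for f in unauthorized_users(SAMPLE_REPORT, APPROVED_USERS):
        print(f"{f['severity']:4} {f['user']:16} active={f['active_credentials']}")
```

A real report is produced with `aws iam generate-credential-report` and retrieved with `aws iam get-credential-report`, which returns the CSV base64-encoded.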
