Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
1Dashboards
78Benchmarks
40Queries
2Variables
GitHub

Control: 2.5 Ensure virtual network flow log service is enabled

Description

The flow log can be used to capture the traffic of an Elastic Network Interface (ENI), Virtual Private Cloud (VPC) or Virtual Switch (VSwitch). The flow log of a VPC or VSwitch shall be integrated with Log Service to capture the traffic of all ENIs in the VPC or VSwtich including the ENIs created after the flow log function is enabled. The traffic data captured by flow logs is stored in Log Service for real-time monitoring and analysis. A capture window is about 10 minutes, during which the traffic data is aggregated and then released to flow log record.

Remediation

Perform the following ensure the virtual network flow log is enabled:

From Console

  1. Logon to VPC console.
  2. In the left-side navigation pane, click FlowLog.
  3. Select the region to which the flow log is to be created.
  4. On the FlowLog page, click Create FlowLog.
  5. On the Create FlowLog page, set the required parameters by following the instruction, and then click OK.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_2_5

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_2_5 --share

SQL

This control uses a named query:

select
  'arn:acs:::' || account_id as resource,
  'info' as status,
  'Manual verification required.' as reason
  , account_id as account_id
from
  alicloud_account;

Tags

category = Compliance
cis = true
cis_item_id = 2.5
cis_level = 1
cis_section_id = 2
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/VPC