Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
1Dashboards
78Benchmarks
40Queries
2Variables
GitHub

Control: 2.8 Ensure Cloud Firewall access and security log analysis is enabled

Description

Log Service collects log entries of internet traffic that are protected by Cloud Firewall, and supports real-time log query and analysis. The query results are centrally displayed in dashboards.

Remediation

Perform the following ensure the Cloud Firewall access and security log is enabled:

From Console

  1. Logon to Cloud Firewall Console.
  2. In the left-side navigation pane, select Advanced Features > Log Analysis.
  3. Click Active Now on the Log Analysis page.
  4. Select your log storage capacity, and then click Pay to complete the payment.
  5. Go back to Log Analysis page on Cloud Firewall console.
  6. Click the Status on the right side to enable the Log Analysis service.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_2_8

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_2_8 --share

SQL

This control uses a named query:

select
  'arn:acs:::' || account_id as resource,
  'info' as status,
  'Manual verification required.' as reason
  , account_id as account_id
from
  alicloud_account;

Tags

category = Compliance
cis = true
cis_item_id = 2.8
cis_level = 2
cis_section_id = 2
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/CloudFirewall