Control: 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
Description
Log Service collects log entries of Security Center for security logs, network logs, and host logs, with 14 subtypes, including:
- Security logs
  - Vulnerability logs
  - Baseline logs
  - Security alerting logs
- Network logs
  - DNS logs
  - Local DNS logs
  - Network session logs
  - Web logs
- Server logs
  - Process initiation logs
  - Network connection logs
  - System logon logs
  - Brute-force cracking logs
  - Process snapshots
  - Account snapshots
  - Port listening snapshots
Log Service supports real-time query and analysis over the logs listed above, and the query results are centrally displayed in dashboards.
Remediation
Perform the following to ensure the Cloud Firewall access and security log is enabled:
From Console
- Log on to the Security Center console.
- In the left-side navigation pane, select Investigation > Log Analysis to enter the Activate Log Analysis page.
- Click Activate Now on the Activate Log Analysis page.
- On the Purchase page, check Full Log and configure any other settings as needed.
- Click Purchase Now.
- On the Activate Log Analysis page, click Activate Log Analysis to complete the authorization.
- In the log type menu, check the log types for which log collection should be enabled.
Usage
Run the control in your terminal:
  powerpipe control run alicloud_compliance.control.cis_v100_2_9
Snapshot and share results via Turbot Pipes:
  powerpipe login
  powerpipe control run alicloud_compliance.control.cis_v100_2_9 --share
SQL
This control uses a named query:
  select
    'arn:acs:::' || account_id as resource,
    'info' as status,
    'Manual verification required.' as reason,
    account_id as account_id
  from
    alicloud_account;