Benchmark: 2 Logging and Monitoring
Overview
This section covers recommendations addressing Logging and Monitoring on Alibaba Cloud.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-alicloud-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 2 Logging and Monitoring.
Run this benchmark in your terminal:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100_2
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run alicloud_compliance.benchmark.cis_v100_2 --share
Controls
- 2.1 Ensure that ActionTrail are configured to export copies of all Log entries
- 2.2 Ensure the OSS used to store ActionTrail logs is not publicly accessible
- 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
- 2.4 Ensure Log Service is enabled for Container Service for Kubernetes
- 2.5 Ensure virtual network flow log service is enabled
- 2.6 Ensure Anti-DDoS access and security log service is enabled
- 2.7 Ensure Web Application Firewall access and security log service is enabled
- 2.8 Ensure Cloud Firewall access and security log analysis is enabled
- 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
- 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
- 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes
- 2.12 Ensure log monitoring and alerts are set up for VPC network route changes
- 2.13 Ensure log monitoring and alerts are set up for VPC changes
- 2.14 Ensure log monitoring and alerts are set up for OSS permission changes
- 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes
- 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls
- 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
- 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account
- 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures
- 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs
- 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes
- 2.22 Ensure a log monitoring and alerts are set up for security group changes
- 2.23 Ensure that Logstore data retention period is set 365 days or greater