turbot/alicloud_compliance

Control: 2.9 Ensure Security Center Network, Host and Security log analysis is enabled

Description

Log Service collects log entries of Security Center for security logs, network logs, and host logs, with 14 subtypes, including

  1. Security logs
    • Vulnerability logs
    • Baseline logs
    • Security alerting logs
  2. Security logs
    • Vulnerability logs
    • Baseline logs
    • Security alerting logs
  3. Network logs
    • DNS logs
    • Local DNS logs
    • Network session logs
    • Web logs
  4. Server logs
    • Process initiation logs
    • Network connection logs
    • System logon logs
    • Brute-force cracking logs
    • Process snapshots
    • Account snapshots
    • Port listening snapshots

The Log Service supports real-time log query and analysis over the logs mentioned above. The query results are centrally displayed in dashboards.

Remediation

Perform the following ensure the Cloud Firewall access and security log is enabled:

From Console

  1. Logon to Security Center Console.
  2. In the left-side navigation pane, select Investigation > Log Analysis to enter the Activate Log Analysis page.
  3. Click Active Now on the Activate log Analysis page.
  4. On the Purchase page, check Full Log and configure some other settings as needed.
  5. Click Purchase Now.
  6. In the Activate log Analysis click Activate log Analysis to complete the authorization.
  7. In the log type menu, check the log types to enable the log collection.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_2_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_2_9 --share

SQL

This control uses a named query:

manual_control

Tags