Benchmark: 10.7.a Examine security policies and procedures to verify that they define audit log retention policies and procedures for retaining audit logs for at least one year, with a minimum of three months immediately available online
Description
Retaining logs for at least a year allows for the fact that it often takes a while to notice that a compromise has occurred or is occurring, and allows investigators sufficient log history to better determine the length of time of a potential breach and potential system(s) impacted. By having three months of logs immediately available, an entity can quickly identify and minimize impact of a data breach. Storing logs in off-line locations could prevent them from being readily available, resulting in longer time frames to restore log data, perform analysis, and identify impacted systems or data.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 10.7.a Examine security policies and procedures to verify that they define audit log retention policies and procedures for retaining audit logs for at least one year, with a minimum of three months immediately available online.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_10_7_aSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v321_requirement_10_7_a --shareControls
- Backup plan min frequency and min retention check
- Backup recovery points manual deletion should be disabled
- Backup recovery points should not expire before retention period
- S3 buckets should have lifecycle policies configured
- S3 buckets with versioning enabled should have lifecycle policies configured