Benchmark: 3 Maintenance, Monitoring and Analysis of Audit Logs
Overview
Collect, manage, and analyze audit logs of events that could help detect, understand, or recover from an attack.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-ibm-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 3 Maintenance, Monitoring and Analysis of Audit Logs.
Run this benchmark in your terminal:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_3Snapshot and share results via Turbot Pipes:
powerpipe benchmark run ibm_compliance.benchmark.cis_v100_3 --shareControls
- 3.1 Ensure auditing is configured in the IBM Cloud account
- 3.2 Ensure that archiving is enabled for audit events
- 3.3 Ensure that events are collected and processed to identify anomalies or abnormal events
- 3.4 Ensure alerts are defined on custom views to notify of unauthorized requests, critical account actions, and high-impact operations in your account
- 3.5 Ensure the account owner can login only from a list of authorized countries/IP ranges
- 3.6 Ensure Activity Tracker data is encrypted at rest
- 3.7 Ensure Activity Tracker trails are integrated with LogDNA Logs