Control: 1.18 Enable audit logging for IBM Cloud Identity and Access Management
Description
Use the IBM Cloud Activity Tracker with LogDNA service to monitor certain IAM events.
Remediation
You must create an instance of the IBM Cloud Activity Tracker with LogDNA service in the Frankfurt region to start tracking IAM events. Use a minimum of a 7-day event search.
From Console
- Log in to IBM Cloud.
- Go to the Menu icon. Then, select Observability to access the Observability dashboard.
- Select Activity Tracker from the page navigation menu.
- Click Create instance to create an instance of IBM Cloud Activity Tracker with LogDNA.
- In the Select a region drop-down, choose Frankfurt.
- Select a pricing plan, service name, resource group, and provide optional tags. Choose a plan that offers a minimum of 7-day event search.
- Click Create.
By default, audit logging with Activity Tracker with LogDNA is not enabled.
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_1_18
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_1_18 --share
SQL
This control uses a named query:
manual_control