turbot/ibm_compliance

Control: 3.7 Ensure Activity Tracker trails are integrated with LogDNA Logs

Description

Check whether Activity Tracker trails are integrated with LogDNA Logs.

Remediation

Managing Activity Tracker trails with LogDNA logs are multistep processes.

  1. Log in to IBM Cloud
  2. Go to the Menu icon. Then, select Observability to access the Observability dashboard.
  3. Select Activity Tracker from the page navigation menu to see the auditing instances. Select Logging from the page navigation menu to see the logging instances.
  4. Check that you can see an Activity Tracker instance in Frankfurt and one instance for each location where you operate in the IBM Cloud.
  5. To launch the LogDNA web UI, for each instance, select View LogDNA.
  6. In the LogDNA web UI, verify that you can see audit events.
  7. Identify the LogDNA instance ID in the LogDNA URL. This ID is used as part of the name of the archive file.

Further

  1. If the option to configure archiving is not allowed, upgrade the instance’s service plan.
  2. If archiving is not enabled for an instance, review and define the archiving strategy.Then, configure archiving for an audit instance.
  3. If you cannot find an instance of IBM Cloud Object Storage (COS) in your account, provision on.

Usage

Run the control in your terminal:

powerpipe control run ibm_compliance.control.cis_v100_3_7

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_3_7 --share

SQL

This control uses a named query:

manual_control

Tags