Benchmark: 3.14.2e Monitor organizational systems and system components on an ongoing basis for anomalous or suspicious behavior
Description
Monitoring is used to identify unusual, suspicious, or unauthorized activities or conditions related to organizational systems and system components. Such activities or conditions can include unusual internal systems communications traffic, unauthorized exporting of information, signaling to external systems, large file transfers, long-time persistent connections, attempts to access information from unexpected locations, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses. The correlation of physical, time, or geolocation audit record information to the audit records from systems may assist organizations in identifying examples of anomalous behavior. For example, the correlation of an individual’s identity for logical access to certain systems with the additional information that the individual was not present at the facility when the logical access occurred is indicative of anomalous behavior.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 3.14.2e Monitor organizational systems and system components on an ongoing basis for anomalous or suspicious behavior.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.nist_800_172_3_14_2_e
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.nist_800_172_3_14_2_e --share
Controls
- CloudTrail trails should be integrated with CloudWatch logs
- CloudWatch alarm should have an action configured
- EC2 instance detailed monitoring should be enabled
- GuardDuty should be enabled
- RDS DB instance and cluster enhanced monitoring should be enabled
- AWS Security Hub should be enabled for an AWS Account
- VPC flow logs should be enabled
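To show what one of the controls above evaluates, here is an added Steampipe query (written for this page, not the mod's own control query) that checks "VPC flow logs should be enabled" in the ok/alarm shape a Powerpipe control returns. It assumes the Steampipe AWS plugin tables aws_vpc and aws_vpc_flow_log and the column names used below; treat those as assumptions and check them against the plugin's table documentation.

```sql
-- Added example, not the mod's own control query.
-- One row per VPC: 'ok' when at least one flow log targets the VPC, else 'alarm'.
-- Assumed tables/columns: aws_vpc (arn, vpc_id, region, account_id)
-- and aws_vpc_flow_log (flow_log_id, resource_id).
select
  v.arn as resource,
  case
    when count(f.flow_log_id) > 0 then 'ok'
    else 'alarm'
  end as status,
  case
    when count(f.flow_log_id) > 0
      then v.vpc_id || ' has ' || count(f.flow_log_id)::text || ' flow log(s) enabled.'
    else v.vpc_id || ' has no flow logs enabled.'
  end as reason,
  v.region,
  v.account_id
from
  aws_vpc as v
  -- a flow log's resource_id is the VPC it captures traffic for
  left join aws_vpc_flow_log as f on v.vpc_id = f.resource_id
group by
  v.arn, v.vpc_id, v.region, v.account_id
order by
  status, v.vpc_id;
```

Run it with `steampipe query` while the service is up; the 'alarm' rows are the VPCs whose traffic is not being recorded and therefore cannot be monitored for the anomalous connections the description lists.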