Benchmark: 10.4: Audit logs are reviewed to identify anomalies or suspicious activity
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-aws-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 10.4: Audit logs are reviewed to identify anomalies or suspicious activity.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_10_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.pci_dss_v40_requirement_10_4 --share
Benchmarks
- 10.4.1: Potentially suspicious or anomalous activities are quickly identified to minimize impact
- 10.4.1.1: Automated mechanisms are used to perform audit log reviews
- 10.4.2: Logs of all other system components (those not specified in Requirement 10.4.2) are reviewed periodically
- 10.4.3: Exceptions and anomalies identified during the review process are addressed