Benchmark: 4 Logging and Monitoring
Overview
This section contains recommendations for configuring logging and monitoring related options.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-oci-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 4 Logging and Monitoring.
Run this benchmark in your terminal:
powerpipe benchmark run oci_compliance.benchmark.cis_v200_4
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run oci_compliance.benchmark.cis_v200_4 --share
Controls
- 4.1 Ensure default tags are used on resources
- 4.2 Create at least one notification topic and subscription to receive monitoring alerts
- 4.3 Ensure a notification is configured for Identity Provider changes
- 4.4 Ensure a notification is configured for IdP group mapping changes
- 4.5 Ensure a notification is configured for IAM group changes
- 4.6 Ensure a notification is configured for IAM policy changes
- 4.7 Ensure a notification is configured for user changes
- 4.8 Ensure a notification is configured for VCN changes
- 4.9 Ensure a notification is configured for changes to route tables
- 4.10 Ensure a notification is configured for security list changes
- 4.11 Ensure a notification is configured for network security group changes
- 4.12 Ensure a notification is configured for changes to network gateways
- 4.13 Ensure VCN flow logging is enabled for all subnets
- 4.14 Ensure Cloud Guard is enabled in the root compartment of the tenancy
- 4.15 Ensure a notification is configured for Oracle Cloud Guard problems detected
- 4.16 Ensure customer created Customer Managed Key (CMK) is rotated at least annually
- 4.17 Ensure write level Object Storage logging is enabled for all buckets