Amazon_CloudWatch_1

Ensure a log metric filter and alarm exist for unauthorized API calls

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. It is recommended that a metric filter and alarm be established for unauthorized API calls.

Remediation

Perform the following to ensure a log metric filter and alarm exist for unauthorized API calls:

Note: Filter pattern for unauthorized API calls

"filterPattern": "{ ($.errorCode = \"*UnauthorizedOperation\") || ($.errorCode = \"AccessDenied*\") }"
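To see which CloudTrail events the filter pattern above would count, the following added example (not part of the original rule text) evaluates its two errorCode terms locally over constructed sample events. The function names are hypothetical, and Python's fnmatchcase is assumed here as a stand-in for CloudWatch's case-sensitive * wildcard matching.

```python
import json
from fnmatch import fnmatchcase

# The two errorCode terms from the filter pattern, joined by || in the rule.
ERROR_CODE_PATTERNS = ("*UnauthorizedOperation", "AccessDenied*")


def is_unauthorized_call(event):
    """Return True if a CloudTrail event would match the filter pattern."""
    code = event.get("errorCode")
    if not isinstance(code, str):
        return False  # successful calls carry no errorCode field
    return any(fnmatchcase(code, p) for p in ERROR_CODE_PATTERNS)


def matching_events(log_lines):
    """Parse JSON log lines; return (eventName, errorCode) for each match."""
    hits = []
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid JSON
        if isinstance(event, dict) and is_unauthorized_call(event):
            hits.append((event.get("eventName"), event["errorCode"]))
    return hits


# Constructed sample events for illustration (not real CloudTrail output).
SAMPLE_LINES = [
    '{"eventName": "RunInstances", "errorCode": "Client.UnauthorizedOperation"}',
    '{"eventName": "GetObject", "errorCode": "AccessDenied"}',
    '{"eventName": "Decrypt", "errorCode": "AccessDeniedException"}',
    '{"eventName": "DescribeInstances"}',
    '{"eventName": "PutItem", "errorCode": "ThrottlingException"}',
    '{"eventName": "ListBuckets", "errorCode": "accessdenied"}',
    'not-json',
]

if __name__ == "__main__":
    for name, code in matching_events(SAMPLE_LINES):
        print(f"{name}: {code}")
```

The first three sample events match; the successful call, the throttling error, the lowercase error code and the malformed line do not.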

Perform the following to set up the metric filter

Service

CloudWatch

Severity

Medium

Compliance

Mapping
