AWS-015 Amazon Web Services (AWS)

CloudWatch metric filters & alarms exist for critical events.

CloudWatch metric filters & alarms exist for critical events.

Domain
Amazon Web Services (AWS)
Area
Logging
Automated / manual
Automated

Risk if it fails

Critical events with no alarm = silent compromise.

Even with logs, nobody reads them in real time. Without alarms, the warning signs of an attack scroll past unseen until real damage is done.

How Tess tests it

1 test — each concludes only on cited evidence.

CloudWatch metric filters & alarms exist for critical events.

Automated
Procedure
Verify metric filters/alarms for root usage, unauthorized API calls, IAM policy changes, console sign-in failures.

Read-only command 

aws logs describe-metric-filters
aws cloudwatch describe-alarms --query 'MetricAlarms[].AlarmName'

More in Amazon Web Services (AWS)

AWS-001 Root account MFA is enabled. AWS-002 No access keys exist on the root account. AWS-003 Root account is not used for day-to-day activity. AWS-004 Strong IAM password policy is enforced.

Want Tess to test AWS-015 against your evidence?

Book a demo