Project Description
Ensure accounts have properly configured monitoring and alerting (e.g. CLoudTrail). This Op is unnecessary if you are using the centralized monitoring configuration.
Supported Services:
CloudTrail, Config, CloudWatch, GuardDuty, S3
Summary:
This Op properly configures a recommended baseline monitoring and alerting infrastructure for AWS accounts. This is the local account version that does not centralize logs and alerts. Use the *Integrate with central monitoring* Op if you want the account linked into the DisruptOPS centralized infrastructure. This Op enables CloudTrail in all regions, saves the logs to a new (local) S3 bucket, streams the activity to CloudWatch, and enables Config and GuardDuty. It can optionally run the *Implement local account security alerts* Op. It then monitors the account to maintain the configuration over time.
Supported Issue Types:
- Account is not configured with recommended monitoring and alerting configuration
- Monitoring and alerting exists but does not match required configuration
- CloudTrail/Config/CloudWatch/GuardDuty is not configured correctly and should be repaired
Supported Actions:
- Implement local monitoring and alerting configuration
- Repair non-compliant monitoring and alerting configuration
Platform:
Related Articles
Fashion App’s Faux Pas: Open Buckets of (21) Buttons
Fashion App’s Faux Pas: Open Buckets of (21) Buttons TL; DR: Leaving their S3 buckets exposed, fashion-focused social app, 21 Buttons, is caught with their pants down. Because it had nothing to do with
Supercharging Security Hub: Part 4, Taking Action
In our last post, we walked through the console and highlighted making the most of the Security Hub console and some tips and tricks to make it more useful. Today I want to dive into one of the best parts of Security Hub — taking actions on events and findings.
