Logging and monitoring
Elasticsearch audit logs disabled
Risk Level
Informational (4)
Platform(s)
Compliance Frameworks
- AWS Foundational Security Best Practices Controls
Description
Amazon OpenSearch Service (the successor to Amazon Elasticsearch Service) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch clusters in the AWS Cloud. The Elasticsearch domain {AwsElasticSearch} does not have audit logs enabled. Audit logs track activity on the Elasticsearch clusters and allow you to monitor and analyze events on them.
Recommended Mitigation
It is recommended to enable audit logging on the Elasticsearch domain {AwsElasticSearch}. To enable audit logging, follow the steps at: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/audit-logs.html#audit-log-enabling
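
To confirm the finding before and after remediation, the check can be run against the `DomainStatus` object that the OpenSearch `DescribeDomain` API returns. The following is an added example, not code from this rule or from AWS; the function names and the sample domains (including the account ID and log group names) are constructed for illustration.

```python
def audit_log_issues(domain_status):
    """Return the reasons a domain fails the audit-log check (empty list = pass)."""
    issues = []
    audit = (domain_status.get("LogPublishingOptions") or {}).get("AUDIT_LOGS")
    if not audit:
        issues.append("AUDIT_LOGS is not configured")
    else:
        if not audit.get("Enabled", False):
            issues.append("AUDIT_LOGS is configured but Enabled is false")
        if not audit.get("CloudWatchLogsLogGroupArn"):
            issues.append("AUDIT_LOGS has no CloudWatch Logs log group")
    # Audit logs depend on fine-grained access control being enabled.
    fgac = (domain_status.get("AdvancedSecurityOptions") or {}).get("Enabled", False)
    if not fgac:
        issues.append("fine-grained access control is disabled")
    return issues


def failing_domains(domains):
    """Map each failing domain name to its list of issues."""
    result = {}
    for status in domains:
        issues = audit_log_issues(status)
        if issues:
            result[status["DomainName"]] = issues
    return result


# Constructed DomainStatus samples (not real domains or accounts).
ARN = "arn:aws:logs:us-east-1:111122223333:log-group:/example/audit"
SAMPLE_DOMAINS = [
    {"DomainName": "logs-ok",
     "LogPublishingOptions": {
         "AUDIT_LOGS": {"Enabled": True, "CloudWatchLogsLogGroupArn": ARN}},
     "AdvancedSecurityOptions": {"Enabled": True}},
    {"DomainName": "logs-off",
     "LogPublishingOptions": {
         "AUDIT_LOGS": {"Enabled": False, "CloudWatchLogsLogGroupArn": ARN}},
     "AdvancedSecurityOptions": {"Enabled": True}},
    {"DomainName": "no-logs",
     "LogPublishingOptions": {
         "ES_APPLICATION_LOGS": {"Enabled": True, "CloudWatchLogsLogGroupArn": ARN}}},
]

if __name__ == "__main__":
    for name, issues in failing_domains(SAMPLE_DOMAINS).items():
        print(f"{name}: " + "; ".join(issues))
```

With boto3, the same function accepts `client("opensearch").describe_domain(DomainName=...)["DomainStatus"]`.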