Logging and monitoring

Elasticsearch audit logs disabled

Risk Level

Informational (4)

Compliance Frameworks
  • AWS Foundational Security Best Practices Controls


Amazon OpenSearch Service (Amazon Elasticsearch Service successor) is a managed service that simplifies the deployment, operation, and scaling of OpenSearch clusters in AWS Cloud. It was found that the Elasticsearch domain {AwsElasticSearch} doesn't have audit log enabled. These logs track the activity on the Elasticsearch clusters and allow you to monitor and analyze events on the Elasticsearch clusters.
  • Recommend icon

    Recommended Mitigation

    It is recommended to enable audit logging at the Elasticsearch domain {AwsElasticSearch}. To enable the audit logging follow the steps at: <a href="https://docs.aws.amazon.com/opensearch-service/latest/developerguide/audit-logs.html#audit-log-enabling" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/opensearch-service/latest/developerguide/audit-logs.html#audit-log-enabling</a>