ELB Access Log is Disabled
Ensure ELB access log is enabled, In order to maintain visibility to changes
Blog
Project with Cloud Asset Inventory API disabled
GCP Cloud Asset Inventory is a service that provides a historical view of GCP resources and IAM policies through a...
EKS control plane logging is disabled
EKS control plane logging is disabled on {AwsEksCluster} cluster. EKS control plane logging provides audit and diagnostic logs. These logs...
SQL server audit retention less than 90 days
Audit logs retention period is less than 90 days for {AzureSqlDbServer} SQL db. Audit Logs can be used to check...
Enhanced instance metadata service (IMDSv2) is not enforced
The use of IMDSv2, the enhanced version of the Instance Metadata Service, is not enforced on the EC2 instance {AwsEc2Instance}...
ACM certificate without Transparency Logging
We have found an ACM certificate ('{AwsCertificate}') without transparency logging enabled. To guard against SSL/TLS certificates that are issued by...
Log monitoring is not set up for unauthorized API calls
Log Service is a real-time data logging service that supports collection, consumption, shipping, search, and analysis of logs. It was...
Audit log retention period is not set to 365 days
Log retention controls how long activity logs should be retained. Studies have shown that The Mean Time to Detect (MTTD)...
PostgreSQL instance with ‘log_connections’ flag disabled
PostgreSQL does not log attempted connections by default. Enabling the 'log_connections' setting will create log entries for each attempted connection...