Logging and monitoring

CloudWatch alarms not monitoring console log-in without MFA

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

AWS CloudWatch alarms feature allows to watch metrics and receive notifications when metrics fall outside the settings you configured. We identified that the cloud account ""{CloudAccount}"" is not configured with CloudWatch metrics to monitor console log-in without multi factor authentication.

  • Recommended Mitigation

    Ensure cloudwatch metric is set to monitor console log in without MFA. more details can be found in <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail-additional-examples.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail-additional-examples.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.