Create a Metric Alarm and Filter for changes to Network Access Control Lists (NACL)

Logging and monitoring

Create a Metric Alarm and Filter for changes to Network Access Control Lists (NACL)

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS CIS
Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
CPRA
CSA CCM
Data Security Posture Management (DSPM) Best Practices
GDPR
hdh
HITRUST
ISO/IEC 27001
Mitre ATT&CK
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. NACLs are used as a stateless packet filter to control ingress and egress traffic for subnets within a VPC. Monitoring changes to NACLs will help ensure that AWS resources and services are not unintentionally exposed.

Recommended Mitigation

It is recommended that a metric filter and alarm be established for changes made to NACLs.

Create a Metric Alarm and Filter for changes to Network Access Control Lists (NACL)

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS