Logging and monitoring

Create a Metric Alarm and Filter for security group changes

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Groups are a stateful packet filter that controls ingress and egress traffic within a VPC. Monitoring changes to security group will help ensure that resources and services are not unintentionally exposed.

  • Recommended Mitigation

    It is recommended that a metric filter and alarm be established for detecting changes to Security Groups.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.