Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated) - Complete Cloud Security in Minutes - Orca Security

Workload misconfigurations

Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)

Risk Level

Informational (4)

Platform(s)

Description

Basic statement logging can be provided by the standard logging facility with log_statement = all. This is acceptable for monitoring and other uses but does not provide the level of detail generally required for an audit. It is not enough to have a list of all the operations performed against the database, it must also be possible to find particular statements that are of interest to an auditor.

Recommended Mitigation

Further relevant information can be found in the following AWS documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Parameters.html

See Orca in action

See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.