Logging and monitoring

Log monitoring is not set up for Management Console authentication failures

Description

Log Service is a real-time data logging service that supports collection, consumption, shipping, search, and analysis of logs. It was detected that log monitoring and alarm are not set up for management console authentication failures. Monitoring failed console logins may help to detect a credential brute force attempt and to provide an indicator, source IP for example, for other such events.
  • Recommended Mitigation

    It is recommended to set up an alarm in the central project, that will alert on management console authentication failures. The suggested query is written in this alert's query. For information about alert configuring: <a href="https://www.alibabacloud.com/help/en/log-service/latest/configure-an-alert-in-log-service" target="_blank" rel="noopener noreferrer">https://www.alibabacloud.com/help/en/log-service/latest/configure-an-alert-in-log-service</a>