Control: 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
Real-time monitoring of API calls can be achieved by directing ActionTrail Logs to Log Service and establishing corresponding query and alarms. It is recommended that a query and alarm be established for console logins that are not protected by multi-factor authentication (MFA).
Perform the following to ensure the log monitoring and alerts are set up for Management Console sign-in without MFA:
- Logon to SLS Console.
Log Service Audit Servicein the navigation pane.
- Go to
Access to Cloud Products > Global Configurationpage.
- Select a location of project for logs.
- Check the
Action Trailand configure a proper days.
Saveto save the changes.
- Go to
Access to Cloud Products > Global Configurationsclick
Log Management > Actiontrail Log.
- In the search/analytics console, input below query
"event.eventName": ConsoleSignin and "addionalEventData.loginAccount": false
- Create a dashboard and set alert for the query result.
Run the control in your terminal:
steampipe check alicloud_compliance.control.cis_v100_2_17
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share alicloud_compliance.control.cis_v100_2_17
This control uses a named query:manual_control