Query: 1.1 Monitor account owner for frequent, unexpected, or unauthorized logins
Description
Monitor login activity of the account owner to prevent unauthorized usage of the privileged account.
Query
Tables used in this query:
Controls using this query:
- 1.1 Monitor account owner for frequent, unexpected, or unauthorized logins
- 1.14 Minimize the number of users with admin privileges in the account
- 1.15 Minimize the number of Service IDs with admin privileges in the account
- 1.17 Ensure Inactive User Accounts are Suspended
- 1.18 Enable audit logging for IBM Cloud Identity and Access Management
- 1.19 Ensure Identity Federation is set up with a Corporate IDP
- 1.2 Ensure API keys unused for 180 days are detected and optionally disabled
- 1.6 Ensure compliance with IBM Cloud password requirements
- 2.1.2 Ensure network access for Cloud Object Storage is restricted to specific IP range
- 2.1.3 Ensure network access for Cloud Object Storage is set to be exposed only on Private end-points
- 2.1.4 Ensure Cloud Object Storage bucket access is restricted by using IAM and S3 access control
- 2.2.1.1 Ensure Block Storage is encrypted with customer managed keys
- 2.2.1.2 Ensure Block Storage is encrypted with BYOK
- 2.2.1.3 Ensure Block Storage is encrypted with KYOK
- 2.2.2 Ensure 'OS disk' are encrypted with Customer managed keys
- 2.2.3 Ensure 'Data disks' are encrypted with customer managed keys
- 2.2.4 Ensure 'Unattached disks' are encrypted with customer managed keys
- 3.1 Ensure auditing is configured in the IBM Cloud account
- 3.2 Ensure that archiving is enabled for audit events
- 3.3 Ensure that events are collected and processed to identify anomalies or abnormal events
- 3.4 Ensure alerts are defined on custom views to notify of unauthorized requests, critical account actions, and high-impact operations in your account
- 3.5 Ensure the account owner can login only from a list of authorized countries/IP ranges
- 3.6 Ensure Activity Tracker data is encrypted at rest
- 3.7 Ensure Activity Tracker trails are integrated with LogDNA Logs
- 4.1 Ensure IBM Cloud Databases disk encryption is enabled with customer managed keys
- 4.2 Ensure IBM Cloud Databases are only accessible via HTTPS or TLS Connections
- 4.3 Ensure network access to IBM Cloud Databases service is set to be exposed on Private end points only
- 4.4 Ensure IBM Cloud Databases disk encryption is set to On
- 5.1 Ensure Cloudant encryption is set to On
- 5.2 Ensure IBM Cloudant encryption is enabled with customer managed keys
- 5.3 Ensure IBM Cloudant is only accessible via HTTPS or TLS Connections
- 6.2.2 Ensure the default security group of every VPC restricts all traffic
- 7.1.1.1 Ensure Kubernetes secrets data is encrypted with bring your own key (BYOK)
- 7.1.1.2 Ensure Kubernetes secrets data is encrypted with keep your own key (KYOK)
- 7.1.2 Ensure TLS 1.2 for all inbound traffic at IBM Cloud Kubernetes Service Ingress
- 7.1.3 Ensure IBM Cloud Kubernetes Service worker nodes are updated to the latest image to ensure patching of vulnerabilities
- 7.1.4 Ensure that clusters are accessible only by using private endpoints
- 7.1.5 Ensure IBM Cloud Kubernetes Service cluster has image pull secrets enabled
- 7.1.6 Ensure IBM Cloud Kubernetes Service clusters have the monitoring service enabled
- 7.1.7 Ensure IBM Cloud Kubernetes Service clusters have the logging service enabled
- 7.2.1 Block deployments of vulnerable images to Kubernetes clusters
- 8.1.1 Ensure IBM Key Protect has automated rotation for customer managed keys enabled
- 8.1.2 Ensure the IBM Key Protect service has high availability
- 9.1 Ensure alerts are enabled for vulnerabilities discovered in container images in Container Registry