Query: 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
Description
It is recommended that a query and alarm be established for RAM Role creation, deletion, and updating activities.
Query
Tables used in this query:
Controls using this query:
- 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
- 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes
- 2.12 Ensure log monitoring and alerts are set up for VPC network route changes
- 2.13 Ensure log monitoring and alerts are set up for VPC changes
- 2.14 Ensure log monitoring and alerts are set up for OSS permission changes
- 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes
- 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls
- 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
- 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account
- 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures
- 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs
- 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes
- 2.22 Ensure a log monitoring and alerts are set up for security group changes
- 2.23 Ensure that Logstore data retention period is set 365 days or greater
- 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
- 2.4 Ensure Log Service is enabled for Container Service for Kubernetes
- 2.5 Ensure virtual network flow log service is enabled
- 2.6 Ensure Anti-DDoS access and security log service is enabled
- 2.7 Ensure Web Application Firewall access and security log service is enabled
- 2.8 Ensure Cloud Firewall access and security log analysis is enabled
- 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
- 3.3 Ensure VPC flow logging is enabled in all VPCs
- 3.4 Ensure routing tables for VPC peering are 'least access'
- 3.5 Ensure the security group are configured with fine grained rules
- 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied
- 5.2 Ensure that there are no publicly accessible objects in storage buckets
- 5.5 Ensure that the shared URL signature expires within an hour
- 5.6 Ensure that URL signature is allowed only over https
- 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters
- 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters
- 7.5 Ensure Kubernetes web UI / Dashboard is not enabled
- 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine
- 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled
- 8.3 Ensure that Automatic Quarantine is enabled
- 8.4 Ensure that Webshell detection is enabled on all web servers
- 8.5 Ensure that notification is enabled on all high risk items
- 8.6 Ensure that Config Assessment is granted with privilege
- 8.7 Ensure that scheduled vulnerability scan is enabled on all servers
- 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data