Query: 2.10 Ensure log monitoring and alerts are set up for RAM Role changes

Description

It is recommended that a query and alarm should be established for RAM Role creation, deletion and updating activities.

Query

Tables used in this query:

• oci_identity_tenancy

Controls using this query:

• 2.10 Ensure log monitoring and alerts are set up for RAM Role changes
• 2.11 Ensure log monitoring and alerts are set up for Cloud Firewall changes
• 2.12 Ensure log monitoring and alerts are set up for VPC network route changes
• 2.13 Ensure log monitoring and alerts are set up for VPC changes
• 2.14 Ensure log monitoring and alerts are set up for OSS permission changes
• 2.15 Ensure log monitoring and alerts are set up for RDS instance configuration changes
• 2.16 Ensure a log monitoring and alerts are set up for unauthorized API calls
• 2.17 Ensure a log monitoring and alerts are set up for Management Console sign-in without MFA
• 2.18 Ensure a log monitoring and alerts are set up for usage of 'root' account
• 2.19 Ensure a log monitoring and alerts are set up for Management Console authentication failures
• 2.20 Ensure a log monitoring and alerts are set up for disabling or deletion of customer created CMKs
• 2.21 Ensure a log monitoring and alerts are set up for OSS bucket policy changes
• 2.22 Ensure a log monitoring and alerts are set up for security group changes
• 2.23 Ensure that Logstore data retention period is set 365 days or greater
• 2.3 Ensure audit logs for multiple cloud resources are integrated with Log Service
• 2.4 Ensure Log Service is enabled for Container Service for Kubernetes
• 2.5 Ensure virtual network flow log service is enabled
• 2.6 Ensure Anti-DDoS access and security log service is enabled
• 2.7 Ensure Web Application Firewall access and security log service is enabled
• 2.8 Ensure Cloud Firewall access and security log analysis is enabled
• 2.9 Ensure Security Center Network, Host and Security log analysis is enabled
• 3.3 Ensure VPC flow logging is enabled in all VPCs
• 3.4 Ensure routing tables for VPC peering are 'least access'
• 3.5 Ensure the security group are configured with fine grained rules
• 4.5 Ensure that the latest OS Patches for all Virtual Machines are applied
• 5.2 Ensure that there are no publicly accessible objects in storage buckets
• 5.5 Ensure that the shared URL signature expires within an hour
• 5.6 Ensure that URL signature is allowed only over https
• 7.1 Ensure Log Service is set to 'Enabled' on Kubernetes Engine Clusters
• 7.4 Ensure Cluster Check triggered at least once per week for Kubernetes Clusters
• 7.5 Ensure Kubernetes web UI / Dashboard is not enabled
• 7.6 Ensure Basic Authentication is not enabled on Kubernetes Engine
• 7.9 Ensure Kubernetes Cluster is created with Private cluster enabled
• 8.3 Ensure that Automatic Quarantine is enabled
• 8.4 Ensure that Webshell detection is enabled on all web servers
• 8.5 Ensure that notification is enabled on all high risk items
• 8.6 Ensure that Config Assessment is granted with privilege
• 8.7 Ensure that scheduled vulnerability scan is enabled on all servers
• 8.8 Ensure that Asset Fingerprint automatically collects asset fingerprint data

SQL