Control: AWS > CIS v1 > 3 Monitoring > 3.10 Ensure a log metric filter and alarm exist for security group changes (Scored)

Configures auditing against a CIS Benchmark item.

Level: 2 (Scored)

Real-time monitoring of API calls can be achieved by directing CloudTrail Logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Groups are a stateful packet filter that controls ingress and egress traffic within a VPC. It is recommended that a metric filter and alarm be established changes to Security Groups.

Resource Types

This control targets the following resource types:

AWS > Account

Policies

This control type relies on these other policies when running actions:

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-cisv1#/control/types/r0310

Category URI

tmod:@turbot/cis#/control/categories/v070408

GraphQL

query controlType(id: "tmod:@turbot/aws-cisv1#/control/types/r0310") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-cisv1#/control/types/r0310'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-cisv1#/control/types/r0310"