Control: AWS > HIPAA > Account > Ensure a log metric filter and alarm exist for AWS Management Console authentication failures

You can do real-time monitoring of API calls by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms. Security Hub recommends that you create a metric filter and alarm for failed console authentication attempts.

Resource Types

This control targets the following resource types:

AWS > Account

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-hipaa#/control/types/logMetricFilterConsoleAuthenticationFailure

Category URI

tmod:@turbot/turbot#/control/categories/complianceHipaa

GraphQL

query controlType(id: "tmod:@turbot/aws-hipaa#/control/types/logMetricFilterConsoleAuthenticationFailure") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-hipaa#/control/types/logMetricFilterConsoleAuthenticationFailure'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-hipaa#/control/types/logMetricFilterConsoleAuthenticationFailure"