Aws User Activity Logging Disabled
Description
Detects when AWS Redshift clusters have user activity logging disabled. User activity logging is critical for security auditing and compliance as it tracks user actions within the database cluster. Disabling this logging capability reduces visibility into potential security incidents and user behaviors.
Detection Strategy
• Checks all Redshift clusters in the specified AWS region
• Examines each cluster's parameter groups for the 'enable_user_activity_logging' parameter
• Reports a vulnerability if the parameter value is set to 'false'
• Includes the cluster identifier and parameter details in the vulnerability report
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.