400 – Traceability Loss - AWS

Description

Some AWS services (Such as EC2, ELB or S3) do not correctly set the logging property, which avoids the recording of log files. These files are useful to identify and trace malicious actions or anomalous behaviors. Alternatively, the log files do not have enough detail level.

Impact

Perform harmful actions without raising an alert.

Recommendation

Set the logging property in AWS instances that could handle important data.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

60 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: L
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): L
• Availability (VA): N
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 075 - Record exceptional events in logs
• 376 - Register severity level
• 377 - Store logs based on valid regulation
• 378 - Use of log management system

Fixes

• Aws
• Cloudformation

Last updated

2024/02/20