Traceability Loss - AWS
Description
Some AWS services (such as EC2, ELB or S3) are deployed with logging disabled or incorrectly configured, so the actions performed on them are never recorded. These logs are what allow malicious actions and anomalous behavior to be identified and traced. Alternatively, logs are recorded but lack the level of detail needed to reconstruct an event.
Impact
An attacker can perform harmful actions without leaving a record or raising an alert, and those actions cannot be reconstructed during an investigation.
Recommendation
Enable logging on every AWS resource that could handle important data, for example a multi-region CloudTrail trail for API activity, S3 server access logging, ELB access logs, VPC Flow Logs and EKS control-plane logs. Send the logs to a centralized log management system and retain them for the period required by the applicable regulation, so that a compromised resource cannot erase its own trail.
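The following is an added example written for this page, not code from the original page or from any vendor tool. It audits a CloudFormation template for the infrastructure-as-code cases listed under the rules (a bucket with no logging configuration, a single-region trail, a load balancer with S3 access logs disabled) and shows the corrected settings beside the weak ones. The resource types and property names are real CloudFormation ones; the sample template, the rule-to-finding wording and the hypothetical `harden` helper are constructed for illustration and cover only these three resource kinds.

```python
"""Static check for CloudFormation templates that leave AWS logging disabled.

Added example: not part of the original page or of any vendor tool. The
sample template below is constructed; the resource types and property names
are the real CloudFormation ones.
"""
import json
from typing import List, Tuple

# Constructed sample template: one compliant bucket, one non-compliant bucket,
# a single-region trail and an ALB whose access logs are switched off.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "LogBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "LoggingConfiguration": {"DestinationBucketName": "audit-logs"}
            },
        },
        "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "Trail": {
            "Type": "AWS::CloudTrail::Trail",
            "Properties": {
                "IsLogging": True,
                "IsMultiRegionTrail": False,
                "S3BucketName": "audit-logs",
            },
        },
        "Alb": {
            "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
            "Properties": {
                "LoadBalancerAttributes": [
                    {"Key": "access_logs.s3.enabled", "Value": "false"}
                ]
            },
        },
    }
})

Finding = Tuple[str, str]  # (logical resource id, description)


def _alb_access_logs_enabled(props: dict) -> bool:
    """ALB/NLB access logs live in LoadBalancerAttributes as string values."""
    for attr in props.get("LoadBalancerAttributes", []):
        if attr.get("Key") == "access_logs.s3.enabled":
            return str(attr.get("Value", "false")).lower() == "true"
    return False  # attribute absent: the AWS default is disabled


def check_logging(template_text: str) -> List[Finding]:
    """Return one finding per resource whose logging is missing or weakened."""
    template = json.loads(template_text)
    findings: List[Finding] = []
    for logical_id, res in template.get("Resources", {}).items():
        rtype = res.get("Type", "")
        props = res.get("Properties", {}) or {}
        if rtype == "AWS::S3::Bucket" and "LoggingConfiguration" not in props:
            findings.append((logical_id, "S3 bucket without server access logging"))
        elif rtype == "AWS::CloudTrail::Trail":
            if props.get("IsLogging", True) is False:
                findings.append((logical_id, "CloudTrail trail with logging turned off"))
            if props.get("IsMultiRegionTrail", False) is not True:
                findings.append((logical_id, "CloudTrail trail is not multi-region"))
        elif rtype == "AWS::ElasticLoadBalancingV2::LoadBalancer":
            if not _alb_access_logs_enabled(props):
                findings.append((logical_id, "load balancer without access logs"))
    return findings


def harden(template_text: str, log_bucket: str = "audit-logs") -> str:
    """Hypothetical helper: return a copy of the template with the weak
    settings replaced by the recommended ones (logging on, multi-region
    trail, ALB access logs delivered to log_bucket)."""
    template = json.loads(template_text)
    for res in template.get("Resources", {}).values():
        rtype = res.get("Type", "")
        props = res.setdefault("Properties", {})
        if rtype == "AWS::S3::Bucket":
            props.setdefault("LoggingConfiguration",
                             {"DestinationBucketName": log_bucket})
        elif rtype == "AWS::CloudTrail::Trail":
            props["IsLogging"] = True
            props["IsMultiRegionTrail"] = True
        elif rtype == "AWS::ElasticLoadBalancingV2::LoadBalancer":
            attrs = [a for a in props.get("LoadBalancerAttributes", [])
                     if a.get("Key") not in ("access_logs.s3.enabled",
                                             "access_logs.s3.bucket")]
            attrs += [{"Key": "access_logs.s3.enabled", "Value": "true"},
                      {"Key": "access_logs.s3.bucket", "Value": log_bucket}]
            props["LoadBalancerAttributes"] = attrs
    return json.dumps(template)


if __name__ == "__main__":
    for rid, msg in check_logging(SAMPLE_TEMPLATE):
        print(f"{rid}: {msg}")
    print("after hardening:", check_logging(harden(SAMPLE_TEMPLATE)))
```

Run against the constructed template it reports `DataBucket`, `Trail` and `Alb`; after `harden` it reports nothing. The check treats an absent `IsMultiRegionTrail` or `access_logs.s3.enabled` as disabled because that is the AWS default, which is the usual way these misconfigurations reach production: nobody turned logging off, it was simply never turned on.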
Threat
Authenticated attacker from the Internet.
Expected Remediation Time
⏱️ 60 minutes.
Requirements
075 - Record exceptional events in logs
376 - Register severity level
377 - Store logs based on valid regulation
378 - Use of log management system
Rules
Aws Cluster Logging Disabled
Aws Trail Bucket Logging Disabled
Aws Persistent Logs
Aws Delivery Failing
Aws Without Audit Logs
Aws Access Logging Disabled
Aws Without Flowlog
Aws Audit Logging Disabled
Aws Referencing Missing S3 Bucket
Aws User Activity Logging Disabled
Aws Instance Logs Disabled
Aws Cloudfront Logging Disabled
Aws Neptune Instance Logs Disabled
Aws Cluster Logs Disabled
Aws Trails Not Multiregion
Aws Eks Cluster Logging Disabled
Aws Opensearch Without Audit Logs
Aws Server Access Logging Disabled
Aws Flow Logs Disabled
Aws Virtual Gateway Access Logging Disabled
Aws Logging Disabled
Aws Dns Query Logging Disabled
Aws Broker Logs Disabled
Json Yaml Access Logging Disabled
Terraform User Activity Logging Disabled
Json Yaml Access Logging Disabled Cloudfront
Terraform Audit Logging Disabled
Json Yaml Audit Logging Disabled
Terraform Missing Logging Config
Json Yaml Access Logs S3 Disabled
Json Yaml Is Multi Region False
Json Yaml User Activity Logging Disabled
Terraform Is Multi Region Trail False
Terraform Elb Access Logging Disabled
Json Yaml Missing Logging Configuration
Fixes