TF 0245 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure MSK Cluster logging is enabled

| Property | Value |
|---|---|
| Language | terraform |
| Severity | medium |
| Service | msk |
| Provider | AWS |
| Vulnerability Type | omission |

Description

The MSK (Managed Streaming for Kafka) cluster is configured without broker log delivery to CloudWatch, Kinesis Firehose, or S3. This omission means operational events and errors within the Kafka cluster are not being captured for monitoring or troubleshooting.

Impact

Without broker logging enabled, detecting, diagnosing, and responding to incidents such as data loss, configuration issues, or unauthorized access becomes significantly more difficult. This lack of visibility can delay incident response, complicate audits, and increase the risk of prolonged outages or undetected security breaches.

Resolution

Enable broker log delivery to at least one of the supported destinations (CloudWatch Logs, Kinesis Firehose, or S3) so that the cluster's operational events and errors are captured and retained.
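As an added illustration that is not part of this wiki entry, the Terraform below shows the omission this check flags next to a corrected resource that delivers broker logs to a CloudWatch Logs group; the cluster names, Kafka version, instance type, the `var.subnet_ids` and `var.msk_sg_id` variables, and the log group name are placeholders.

```hcl
# Before: no logging_info block, so broker logs are not delivered to
# CloudWatch, Kinesis Firehose, or S3. This is the omission the check flags.
resource "aws_msk_cluster" "unlogged" {
  cluster_name           = "example-unlogged"   # placeholder
  kafka_version          = "3.5.1"              # example value
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids    # assumed variable
    security_groups = [var.msk_sg_id]   # assumed variable
  }
}

# After: broker logs are shipped to a CloudWatch Logs group with a
# retention period, so operational events and errors are available for
# monitoring, troubleshooting, and incident response.
resource "aws_cloudwatch_log_group" "msk_broker" {
  name              = "/aws/msk/example/broker"   # placeholder name
  retention_in_days = 90
}

resource "aws_msk_cluster" "logged" {
  cluster_name           = "example-logged"     # placeholder
  kafka_version          = "3.5.1"              # example value
  number_of_broker_nodes = 3

  broker_node_group_info {
    instance_type   = "kafka.m5.large"
    client_subnets  = var.subnet_ids
    security_groups = [var.msk_sg_id]
  }

  logging_info {
    broker_logs {
      cloudwatch_logs {
        enabled   = true
        log_group = aws_cloudwatch_log_group.msk_broker.name
      }
      # firehose { enabled = true, delivery_stream = ... } and
      # s3 { enabled = true, bucket = ..., prefix = ... } are the other
      # destinations the provider supports; at least one must be enabled
      # for the check to pass.
    }
  }
}
```

A scanner that implements this check looks for an `aws_msk_cluster` whose `logging_info.broker_logs` has no destination with `enabled = true`, so enabling any one of the three destinations satisfies it.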