TF 0349 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Ensure a log metric filter and alarm exist for AWS Config configuration changes

| Property | Value |
| --- | --- |
| Language | terraform |
| Severity | low |
| Service | cloudwatch |
| Provider | AWS |

Description

You can monitor API calls in real time by directing CloudTrail logs to CloudWatch Logs and establishing corresponding metric filters and alarms.

CIS recommends that you create a metric filter and alarm for changes to AWS Config configuration settings. Monitoring these changes helps ensure sustained visibility of configuration items in the account.

Resolution

Create a metric filter and an alarm that alert on AWS Config configuration changes.
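A Terraform configuration that satisfies this check, given as an added example rather than code from the rule's own documentation: a metric filter on the CloudTrail log group plus an alarm on the resulting metric. The filter pattern follows the one published with the CIS AWS Foundations Benchmark for this control; the resource names, the two variables and the `CISBenchmark` namespace are assumptions.

```terraform
# Added example: resource names, variables and the metric namespace are assumptions.
variable "cloudtrail_log_group_name" {
  description = "CloudWatch Logs group that the CloudTrail trail delivers to"
  type        = string
}

variable "alarm_sns_topic_arn" {
  description = "SNS topic that receives the alarm notification"
  type        = string
}

# Counts CloudTrail events where the AWS Config recorder is stopped or
# replaced, or the delivery channel is deleted or replaced.
resource "aws_cloudwatch_log_metric_filter" "config_changes" {
  name           = "aws-config-configuration-changes"
  log_group_name = var.cloudtrail_log_group_name
  pattern        = "{ ($.eventSource = config.amazonaws.com) && (($.eventName = StopConfigurationRecorder) || ($.eventName = DeleteDeliveryChannel) || ($.eventName = PutDeliveryChannel) || ($.eventName = PutConfigurationRecorder)) }"

  metric_transformation {
    name      = "ConfigConfigurationChanges"
    namespace = "CISBenchmark"
    value     = "1"
  }
}

# Fires on the first matching event in a 5-minute window and notifies the topic.
resource "aws_cloudwatch_metric_alarm" "config_changes" {
  alarm_name          = "aws-config-configuration-changes"
  alarm_description   = "AWS Config recorder or delivery channel was changed"
  metric_name         = aws_cloudwatch_log_metric_filter.config_changes.metric_transformation[0].name
  namespace           = aws_cloudwatch_log_metric_filter.config_changes.metric_transformation[0].namespace
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 1
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching" # no matching events means no change, not an outage
  alarm_actions       = [var.alarm_sns_topic_arn]
}
```

The alarm only has data to evaluate if the trail is actually delivering management events to the referenced log group, and the SNS topic needs at least one subscriber for the notification to reach anyone.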