
Install the CIS AWS Foundations Benchmark App and view the Dashboards

Install the Sumo Logic App

Now that you have configured CIS AWS Foundations Benchmark, install the Sumo Logic App for CIS AWS Foundations Benchmark to take advantage of the preconfigured searches and dashboards to analyze your data.

To install the app:

  1. Select App Catalog, search for and select the app, and click Add to Library. (In the classic UI, click Library, click Apps, select the app, and click Install. If you don't find the app under Apps, it might be a preview app. Try clicking Preview to find the app.)
  2. Click Preview Dashboards if you'd like to see a preview of the dashboards included with the app before installing.
  3. In the Install Application dialog box, select the installation path (the default is the Personal folder in the library), or click New Folder to add a new folder.
  4. Select either of these options for the log data source:
     • Choose Select from Existing Source Categories, and select the source catalog from the Source Category list.
     • Choose Enter a Custom Data Filter and enter a custom source category beginning with an underscore. Example: (_sourceCategory=MyCategory).
  5. Click Add to Library.

Once an app is installed, it will appear in your Personal folder, or other folder that you specified. From here, you can share it with your organization. See Welcome to the New Library for information on working with the library in the new UI.

Panels will start to fill automatically. It's important to note that each Panel slowly fills with data matching the time range query and received since the Panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. 

For context regarding the CIS AWS Foundations Benchmark App, check out this blog where we describe the monitoring controls.

Dashboards

CIS AWS Foundations Benchmark App - Change Control

This Change Control Dashboard includes filters that you can use in Interactive Mode to further analyze your data.

Config Changes. Shows the count of configuration changes done by each user for the last 24 hours.

IAM Policy Changes. Shows the count of IAM policy changes done by each user for the last 24 hours.

CloudTrail Changes. Shows the count of CloudTrail changes done by each user for the last 24 hours.

Gateway Changes. Shows the count of Gateway changes done by each user for the last 24 hours.

Route Table Changes. Shows the count of Route Table changes done by each user for the last 24 hours.

Network ACL Changes. Shows the count of Network ACL changes done by each user for the last 24 hours.

Security Group Changes. Shows the count of Security Group changes done by each user for the last 24 hours.

VPC Changes. Shows the count of VPC changes done by each user for the last 24 hours.

S3 Bucket Policy Changes. Shows the count of S3 Bucket Policy changes done by each user for the last 24 hours.

CIS AWS Foundations Benchmark App - Access and Authentication

This Access and Authentication Dashboard includes filters that you can use in Interactive Mode to further analyze your data.

Console Logins without MFA. All users must be using multi-factor authentication. This Panel shows the count of logins that are not using MFA, by user, for the last 24 hours.

Disabled and Scheduled Deletion of CMK. Shows the count of CMKs that are disabled or scheduled to be deleted, by user, for the last 24 hours.

Failed Console Logins. Shows the count of failed logins by user, for the last 24 hours.

Root Account Logins. Shows the count of "root" account logins, by user, for the last 24 hours.

Unauthorized AWS API Requests. Shows the count of unauthorized API requests, by user, for the last 24 hours.

Failed Console Logins by Location. Shows the count of failed logins by location, for the last 24 hours.

Outlier - Failed Console Logins. Identifies failed console logins outside of 3 standard deviations, for the last 24 hours.
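
To sanity-check what four of the Access and Authentication panels should show, the same per-user counts can be computed directly from CloudTrail records. The Python below is an added example, not the app's own queries: the records are constructed, the helper names are hypothetical, and the rules for what counts as a "login without MFA" or an "unauthorized" request are assumptions marked in the comments.

```python
from collections import Counter

def login(user, result, mfa, id_type="IAMUser"):
    """Build a constructed ConsoleLogin record using CloudTrail field names."""
    ident = {"type": id_type} if id_type == "Root" else {"type": id_type, "userName": user}
    return {"eventName": "ConsoleLogin", "userIdentity": ident,
            "additionalEventData": {"MFAUsed": mfa},
            "responseElements": {"ConsoleLogin": result}}

def api_call(user, name, error_code=None):
    """Build a constructed API-call record, optionally carrying an errorCode."""
    rec = {"eventName": name, "userIdentity": {"type": "IAMUser", "userName": user}}
    if error_code:
        rec["errorCode"] = error_code
    return rec

# Constructed sample records, not real CloudTrail data.
SAMPLE_EVENTS = [
    login("alice", "Success", "No"),
    login("alice", "Success", "Yes"),
    login("bob", "Failure", "No"),
    login("bob", "Failure", "No"),
    login(None, "Success", "Yes", id_type="Root"),
    api_call("carol", "DescribeInstances", "Client.UnauthorizedOperation"),
    api_call("carol", "GetObject", "AccessDenied"),
    api_call("carol", "ListBuckets"),
]

def panel_counts(events):
    """Per-user counts for four of the Access and Authentication panels."""
    panels = {k: Counter() for k in ("no_mfa", "failed", "root", "unauthorized")}
    for e in events:
        ident = e.get("userIdentity") or {}
        is_root = ident.get("type") == "Root"  # Root identities carry no userName
        who = "root" if is_root else ident.get("userName", "unknown")
        if e.get("eventName") == "ConsoleLogin":
            result = (e.get("responseElements") or {}).get("ConsoleLogin")
            mfa = (e.get("additionalEventData") or {}).get("MFAUsed")
            if result == "Failure":
                panels["failed"][who] += 1
            elif result == "Success" and mfa != "Yes":
                panels["no_mfa"][who] += 1  # assumption: successful logins only
            if is_root:
                panels["root"][who] += 1
        code = e.get("errorCode", "")
        # Assumption: these two error-code patterns define "unauthorized".
        if code.endswith("UnauthorizedOperation") or code.startswith("AccessDenied"):
            panels["unauthorized"][who] += 1
    return panels
```

Comparing these counts with the panels over the same 24-hour window helps confirm that the selected source category actually contains the CloudTrail data the app expects.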