Skip to main content
Sumo Logic

CIS AWS Foundations Benchmark App Dashboards

For context regarding the CIS AWS Foundation Benchmark App, check out this blog where we describe the monitoring controls.

CIS AWS Foundations Benchmark App - Change Control

This Change Control Dashboard includes filters that you can use in Interactive Mode to further analyze your data.

Config Changes. Shows the count of configuration changes done by each user for the last 24 hours.

IAM Policy Changes. Shows the count of IAM policy changes done by each user for the last 24 hours.

CloudTrail Changes. Shows the count of CloudTrail changes done by each user for the last 24 hours.

Gateway Changes. Shows the count of Gateway changes done by each user for the last 24 hours.

Route Table Changes. Shows the count of Route Table changes done by each user for the last 24 hours.

Network ACL Cganges. Shows the count of Network ACL changes done by each user for the last 24 hours.

Security Group Changes. Shows the count of Security Group changes done by each user for the last 24 hours.

VPC Changes. Shows the count of VPC changes done by each user for the last 24 hours.

S3 Bucket Policy Changes. Shows the count of S3 Bucket Policy changes done by each user for the last 24 hours.

 

CIS AWS Foundations Benchmark App -  Access and Authentication

This Access and Authentication Dashboard includes filters that you can use in Interactive Mode to further analyze your data.

Console Logins without MFA. All users must be using multi-factor authentication. This Panel show the count of logins that are not using MFA, by user, for the last 24 hours.  

Disabled and Scheduled Deletion of CMK. Shows the count of CMKs that are disabled or scheduled to be deleted, by user, for the last 24 hours.

Failed Console Logins. Shows the count of failed logins by user, for the last 24 hours.

Root Account Logins. Shows the count of "root" account logins, by user, for the last 24 hours.

Unauthorized AWS API Requests. Shows the count of unauthorized API requests,  by user, for the last 24 hours.

Failed Console Logins by Location. Shows the count of failed logins by location, for the last 24 hours.

Outlier - Failed Console Logins. Identifies failed console logins outside of 3 standard deviations, for the last 24 hours.