Classification: compliance
Framework: cis-aws
Control: cis-3.2
Set up the CloudTrail integration.
Detect when any user logs in to your AWS console without multi-factor authentication.
This rule monitors CloudTrail and detects when any @evt.name has a value of Console Login, and @additionalEventData.MFAUsed has a value of no.
Note: This rule ignores logins using SAML because 2FA is implemented on the IdP and not through AWS.
Note: There is a separate rule to detect Root Login without MFA.
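The same check written against raw CloudTrail records, as an added example that is not the rule's own query or code from this page. It assumes the raw field names eventName, additionalEventData.MFAUsed and userIdentity (the rule above uses the normalized @evt.name attribute), and it assumes SAML console logins can be recognized by a SamlProviderArn key in additionalEventData. The sample events are constructed.

```python
# Constructed sample records in raw CloudTrail shape (not real logs).
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    # SAML federated login: MFA is enforced at the IdP, so MFAUsed is "No" here.
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Dev/carol"},
     "additionalEventData": {"MFAUsed": "No",
                             "SamlProviderArn": "arn:aws:iam::111122223333:saml-provider/Idp"}},
    {"eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"}},
    # Not a console login; has no additionalEventData at all.
    {"eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]


def is_console_login_without_mfa(event):
    """True for a console login with MFAUsed == no, ignoring SAML logins."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    extra = event.get("additionalEventData") or {}
    if str(extra.get("MFAUsed", "")).lower() != "no":
        return False
    # Assumption: a SamlProviderArn key marks a SAML federated login.
    return "SamlProviderArn" not in extra


def find_logins_without_mfa(events):
    """Return one finding per matching event, tagged with the identity type."""
    findings = []
    for event in events:
        if not is_console_login_without_mfa(event):
            continue
        ident = event.get("userIdentity") or {}
        findings.append({
            "principal": ident.get("userName") or ident.get("arn", "unknown"),
            # Root hits are tagged so they can be routed to the separate root rule.
            "identity_type": ident.get("type", "unknown"),
        })
    return findings
```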