AWS Network Access Control List created or modified
Incident Management が一般に使用できるようになりました。 Incident Management が広範に使用できるようになりました。
<  Back to rules search

AWS Network Access Control List created or modified

cloudtrail

Classification:

compliance

Framework:

cis-aws

Control:

cis-3.11

Set up the cloudtrail integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Overview

Goal

Detect when an AWS Network Access Control List (NACL) has been created or modified.

Strategy

This rule lets you monitor CloudTrail and detect when an AWS NACL has been created or modified with one of the following API calls:

Triage & Response

  1. Determine who the user was who made this API call.
  2. Contact the user and see if this was an API call which was made by the user.
  3. If the API call was not made by the user:
    • Rotate the user credentials and investigate what other API calls.
    • Determine what other API calls the user made which were not made by the user.