Logging and Monitoring Flashcards
Does Cloudtrail log RDP and SSH sessions ?
No
What three activities does cloud trail enable ?
- After the fact investigation
- Near Real Time Intrusion Detection
- Industry and Regulatory Compliance
What is logged by Cloudtrail
- Metadata around API Calls
- Identity of API Caller
- Time of API Call
- Source IP Address of Caller
- Request Parameters
- Response
Who manages the retention of the Cloudtrail S3 bucket ?
You
What is the potential delay in delivering Cloud trail results to the S3 bucket ?
15 mins
Can Cloudtrail logs be aggregated across accounts ?
yes
What management events options are available when setting up Cloudtrail
- All
- Read
- Write
What are the Data Events options available to setting up Cloudtrail ?
The ability to see changes to S3 individual data items
When setting up cloudtrail what are the advanced settings available to you ?
- Encryption
- Log File Prefix
- Encryption Validation
- SNS for Log file Delivery
How do you validate cloudtrail logs ?
By using the digest files
Why should you consider protecting your cloud trail logs ?
Cloudtrail logs can contain PII data as well as confidential configuration data
How can you protect cloudtrail data
IAM Bucket policies to restrict who has access and then SSE-S3 or SSE-KMS encryption
What AWS Managed policies are there for CloudTrail ?
FullAccess and ReadOnly
What are the three main elements of CloudWatch ?
Events, Logs and Cloudwatch itself
What are the main elements of Cloudwatch ?
- Realtime
- Metrics
- Alarms
- Notifications
- Custom Metrics
