mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
Added new check extra719 route53 query logging
This commit is contained in:
Toni de la Fuente
@@ -25,7 +25,7 @@ It covers hardening and security best practices for all AWS regions related to:
|
||||
- Logging (8 checks)
|
||||
- Monitoring (15 checks)
|
||||
- Networking (5 checks)
|
||||
- Extras (18 checks) *see Extras section
|
||||
- Extras (19 checks) *see Extras section
|
||||
- Forensics related checks
|
||||
|
||||
For a comprehesive list and resolution look at the guide on the link above.
|
||||
@@ -346,6 +346,7 @@ At this moment we have 16 extra checks:
|
||||
- 7.16 (`extra716`) Check if Elasticsearch Service domains allow open access (Not Scored) (Not part of CIS benchmark)
|
||||
- 7.17 (`extra717`) Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)
|
||||
- 7.18 (`extra718`) Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
|
||||
- 7.19 (`extra719`) Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)
|
||||
|
||||
|
||||
To check all extras in one command:
|
||||
@@ -374,6 +375,7 @@ With this group of checks, Prowler looks if each service with logging or audit c
|
||||
- 7.15 Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)
|
||||
- 7.17 Check if Elastic Load Balancers have logging enabled (Not Scored) (Not part of CIS benchmark)
|
||||
- 7.18 Check if S3 buckets have server access logging enabled (Not Scored) (Not part of CIS benchmark)
|
||||
- 7.19 Check if Route53 hosted zones are logging queries to CloudWatch Logs (Not Scored) (Not part of CIS benchmark)
|
||||
|
||||
The `forensics-ready` group of checks uses existing and extra checks. To get a forensics readiness report, run this command:
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user