From d67170b87c6e1f64e1f8278a341706021b26348b Mon Sep 17 00:00:00 2001 From: Toni de la Fuente Date: Mon, 5 Feb 2018 23:11:43 -0500 Subject: [PATCH] New forensics-ready check group and extra712 --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 02336e8a..656e81ba 100644 --- a/README.md +++ b/README.md @@ -609,7 +609,18 @@ or to run just one of the checks: ## Forensics Ready Checks -With this group of checks, Prowler looks if each service with logging or audit capabilities has them enabled to ensure all needed evidences are recorded for an eventual digital forensic investigation in case of incident. The `forensics-ready` group of checks uses existing and extra checks. To get a forensics readiness report, run this command: +With this group of checks, Prowler looks if each service with logging or audit capabilities has them enabled to ensure all needed evidences are recorded and collected for an eventual digital forensic investigation in case of incident. List of checks part of this group: +- 2.1 Ensure CloudTrail is enabled in all regions (Scored) +- 2.2 Ensure CloudTrail log file validation is enabled (Scored) +- 2.3 Ensure the S3 bucket CloudTrail logs to is not publicly accessible (Scored) +- 2.4 Ensure CloudTrail trails are integrated with CloudWatch Logs (Scored) +- 2.5 Ensure AWS Config is enabled in all regions (Scored) +- 2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket (Scored) +- 2.7 Ensure CloudTrail logs are encrypted at rest using KMS CMKs (Scored) +- 4.3 Ensure VPC Flow Logging is Enabled in all VPCs (Scored) +- 7.12 Check if Amazon Macie is enabled (Not Scored) (Not part of CIS benchmark) + +The `forensics-ready` group of checks uses existing and extra checks. To get a forensics readiness report, run this command: ``` ./prowler -c forensics-ready ```
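Review bot: The rewritten intro sentence in the README hunk ("Prowler looks if each service with logging or audit capabilities has them enabled to ensure all needed evidences are recorded and collected") is ungrammatical and should be tightened before merging; suggest "With this group of checks, Prowler verifies that every service with logging or audit capabilities has them enabled, so that all evidence needed for a digital forensic investigation is recorded and collected in case of an incident." Also, "List of checks part of this group:" reads better as "Checks in this group:", and the retained sentence "The `forensics-ready` group of checks uses existing and extra checks." is now redundant with the list itself, which already shows the CIS checks (2.1 to 2.7, 4.3) alongside the extra check 7.12; consider folding it into the lead-in of the list, e.g. "This group combines existing CIS checks with extra checks:". Finally, the list tags 7.12 as "(Not Scored) (Not part of CIS benchmark)" while the subject line calls it "extra712"; it is worth stating in the list entry that 7.12 is the README numbering for extra712 so readers can map the two names.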