Ensure every VPC in your account has Flow Logs enabled and that the logs are being delivered

Ensure that your VPCs have flow logs enabled so that you can understand traffic patterns and troubleshoot issues. Flow logs also provide valuable data in the event of a security breach, helping you understand how lateral movement may have occurred. It is important to verify that these logs are actually being delivered as expected. This is considered a security best practice and should always be done; enabling it will also help with NIST and PCI-DSS compliance.

Audit & Remediation

  • Log in to your AWS account
  • Navigate to the VPC service at: https://console.aws.amazon.com/vpc
  • On the left-hand panel select Your VPCs.
  • Select the hyperlink under VPC ID for the VPC you would like to examine.
  • Select the Flow logs tab and check whether a flow log is configured.
  • If nothing is configured under Flow logs, follow the directions for enabling flow logs found here.
  • Validate that the Status is set to Active.
  • Click the hyperlink under Destination name to open the CloudWatch Logs log group.
  • Validate that the Last event time is within the last 30 minutes.
  • Repeat these steps for each VPC in your account, in every region you use.
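The audit steps above turned into a check that can be run over every VPC at once. This is an added example, not part of the original page; it runs on constructed sample data shaped like the responses of the boto3 calls ec2.describe_vpcs(), ec2.describe_flow_logs() and logs.describe_log_streams(), and the VPC ids and log-group names are made up.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data in the shape boto3 returns from ec2.describe_vpcs(),
# ec2.describe_flow_logs() and logs.describe_log_streams(); all ids are made up.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
VPCS = [{"VpcId": "vpc-0aaa"}, {"VpcId": "vpc-0bbb"}, {"VpcId": "vpc-0ccc"}]
FLOW_LOGS = [
    {"FlowLogId": "fl-1", "ResourceId": "vpc-0aaa", "FlowLogStatus": "ACTIVE",
     "LogDestinationType": "cloud-watch-logs", "LogGroupName": "/vpc/flow/a"},
    {"FlowLogId": "fl-2", "ResourceId": "vpc-0bbb", "FlowLogStatus": "ACTIVE",
     "LogDestinationType": "cloud-watch-logs", "LogGroupName": "/vpc/flow/b"},
]
# Newest stream per log group, as describe_log_streams(orderBy="LastEventTime",
# descending=True, limit=1) returns it; lastEventTimestamp is ms since the epoch.
LOG_STREAMS = {
    "/vpc/flow/a": [{"lastEventTimestamp": int((NOW - timedelta(minutes=5)).timestamp() * 1000)}],
    "/vpc/flow/b": [{"lastEventTimestamp": int((NOW - timedelta(hours=3)).timestamp() * 1000)}],
}


def audit_flow_logs(vpcs, flow_logs, log_streams, now, max_age=timedelta(minutes=30)):
    """Map each VPC id to a finding. "OK" means an ACTIVE flow log exists and its
    CloudWatch log group received an event within max_age (30 min, as in the steps)."""
    by_vpc = {}
    for fl in flow_logs:
        by_vpc.setdefault(fl["ResourceId"], []).append(fl)
    findings = {}
    for vpc in vpcs:
        vid = vpc["VpcId"]
        if vid not in by_vpc:
            findings[vid] = "NO_FLOW_LOG"   # nothing configured: enable flow logs
            continue
        active = [fl for fl in by_vpc[vid] if fl.get("FlowLogStatus") == "ACTIVE"]
        if not active:
            findings[vid] = "NOT_ACTIVE"    # Status must be Active
            continue
        cw = [fl for fl in active if fl.get("LogDestinationType") == "cloud-watch-logs"]
        if not cw:
            findings[vid] = "NON_CLOUDWATCH_DEST"  # S3/Firehose need their own freshness check
            continue
        latest = max((s["lastEventTimestamp"] for fl in cw
                      for s in log_streams.get(fl["LogGroupName"], [])
                      if s.get("lastEventTimestamp") is not None), default=None)
        if latest is None:
            findings[vid] = "NO_EVENTS"     # group exists but nothing delivered yet
        elif now - datetime.fromtimestamp(latest / 1000, tz=timezone.utc) > max_age:
            findings[vid] = "STALE"         # Last event time older than 30 minutes
        else:
            findings[vid] = "OK"
    return findings
```

Against a real account, call it once per region with the live responses of those three API calls; anything other than "OK" is a VPC to revisit with the manual steps above.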