Need to know Configuration of security group

corecomputetool — Mon, 01 Jul 2019 03:30:49 GMT

Please provide the steps to monitor the Security groups(ACL) on which monitoring needs to be configured to capture any members added/removed on to the ACL group

Re: Need to know Configuration of security group

DavidHourani — Mon, 01 Jul 2019 07:05:38 GMT

Hi @corecomputetools,

If you're talking about AWS security groups then have a look here :

"You can layer Config, CloudTrail, and CloudWatch Events on top of Amazon VPC security groups to provide a defense-in-depth approach to security. Though VPC security groups provide critical filtering capabilities, Config rules, CloudTrail, and CloudWatch Events take the protection to a deeper level by monitoring security groups and notifying you of potentially unintended changes."
https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/

If you're talking about Splunk roles then you can use the following REST endpoint to craft a search that fetches specifically the roles and users you wish to monitor :

| rest services/authorization/roles

Let me know if that helps.

Cheers,
David

topic Need to know Configuration of security group in Getting Data In

Need to know Configuration of security group

Re: Need to know Configuration of security group