Please provide the steps to monitor the security groups (ACL) on which monitoring needs to be configured, to capture any members added to or removed from the ACL group.
Hi @corecomputetools,
If you're talking about AWS security groups then have a look here:
"You can layer Config, CloudTrail, and CloudWatch Events on top of Amazon VPC security groups to provide a defense-in-depth approach to security. Though VPC security groups provide critical filtering capabilities, Config rules, CloudTrail, and CloudWatch Events take the protection to a deeper level by monitoring security groups and notifying you of potentially unintended changes."
https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls...
If you're talking about Splunk roles then you can use the following REST endpoint to craft a search that fetches specifically the roles and users you wish to monitor:
| rest services/authorization/roles
Let me know if that helps.
Cheers,
David
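
Added example, not part of the answer above and not Splunk's own code: one way to report members added to or removed from monitored Splunk roles by comparing two snapshots of the user listing. It assumes the snapshots come from the `/services/authentication/users` REST endpoint with `output_mode=json` (an endpoint the answer does not mention); the sample payloads, user names and function names are constructed for illustration.

```python
import json

# Constructed sample payloads shaped like the JSON returned by Splunk's
# /services/authentication/users endpoint (assumption: each entry carries
# the user name in "name" and the assigned roles in content.roles).
BEFORE = json.loads("""{"entry": [
  {"name": "alice", "content": {"roles": ["admin", "user"]}},
  {"name": "bob",   "content": {"roles": ["user"]}},
  {"name": "carol", "content": {"roles": ["power", "user"]}}
]}""")
AFTER = json.loads("""{"entry": [
  {"name": "alice", "content": {"roles": ["user"]}},
  {"name": "bob",   "content": {"roles": ["admin", "user"]}},
  {"name": "dave",  "content": {"roles": ["power"]}}
]}""")


def members_by_role(payload):
    """Invert the user -> roles listing into role -> set of member names."""
    members = {}
    for entry in payload.get("entry", []):
        for role in entry.get("content", {}).get("roles", []):
            members.setdefault(role, set()).add(entry["name"])
    return members


def membership_changes(before, after, monitored_roles):
    """Return {role: {"added": [...], "removed": [...]}} for roles that changed."""
    old, new = members_by_role(before), members_by_role(after)
    changes = {}
    for role in monitored_roles:
        added = sorted(new.get(role, set()) - old.get(role, set()))
        removed = sorted(old.get(role, set()) - new.get(role, set()))
        if added or removed:  # unchanged roles are left out of the report
            changes[role] = {"added": added, "removed": removed}
    return changes


if __name__ == "__main__":
    # Deleted users (carol) show up as removals; new users (dave) as additions.
    for role, delta in membership_changes(BEFORE, AFTER, ["admin", "power"]).items():
        print(role, delta)
```

Only directly assigned roles are compared; membership gained through role inheritance is not expanded here.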