Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine detected configuration changes made at the network level within your AWS account.
The activity detected for this Real-Time Monitoring rule could be any user action initiated through AWS Management Console or any AWS API request initiated programmatically using AWS CLI or SDK that is related to the configuration changing for any networking-based AWS resource such as Virtual Private Cloud (VPC) or Network Access Control List (NACL).
Cloud Conformity Real-Time Monitoring can detect essentially any API call related to networking configuration changes within your AWS account (using the Amazon Config service API), such as adding inbound/outbound rules to, or removing them from, an existing VPC security group, disassociating an Elastic IP address from an EC2 instance or from a network interface, updating the route tables for an AWS VPC peering connection, or modifying the rules within a VPC Network ACL (NACL).
In order to enable Real-Time Monitoring detection for this conformity rule, you must first define the AWS networking-based resources that can be monitored for configuration changes, within the rule configuration using the Cloud Conformity dashboard. The AWS resources supported by this Real-Time Monitoring rule are:
Virtual Private Clouds (VPCs)
VPC Network Access Control Lists (NACLs)
VPC Security Groups
VPC Route Tables
VPC Elastic Network Interfaces (ENIs)
VPC Internet Gateways
VPC Peering Connections
VPC NAT Gateways
VPN Customer Gateways
VPC Elastic IP Addresses (EIPs)
Monitoring configuration changes for your Amazon networking-based resources in real time is crucial for keeping your AWS environment secure.
With Cloud Conformity Real-Time Monitoring of network configuration changes you gain complete visibility over changes to your AWS networking infrastructure. This helps you prevent accidental or intentional modifications that may lead to unauthorized network access or other security breaches. Beyond prevention, you can keep your AWS account secure by acting on any unusual activity detected at the AWS network level and by sending real-time notifications. This is extremely useful when, for example, an unauthorized user modifies a networking-based resource such as a VPC security group to allow unrestricted inbound access to TCP port 22 (SSH), which increases the opportunities for malicious activity such as hacking, man-in-the-middle (MITM) attacks and brute-force attacks.
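The two ideas above, detecting the EC2 API calls that change networking configuration and raising a higher-priority notification when a security group change opens SSH to the whole internet, can be illustrated with a small offline detector. The following Python is an added example and is not Cloud Conformity's own code; the CloudTrail records it processes are constructed samples, the event names are real EC2 API actions, and the nested `items` layout of `requestParameters` is assumed from typical CloudTrail records. It generalizes slightly beyond the page by also treating RDP (TCP 3389) and IPv6 `::/0` as high-risk exposures.

```python
"""Classify AWS networking configuration changes found in CloudTrail records.

Added example (not Cloud Conformity code). Records below are constructed
samples; the requestParameters layout is assumed from typical CloudTrail output.
"""
import json
from ipaddress import ip_network

# EC2 API actions that change networking configuration (illustrative, not exhaustive).
NETWORK_CHANGE_EVENTS = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry",
    "CreateRoute", "ReplaceRoute", "DeleteRoute",
    "AttachInternetGateway", "DetachInternetGateway",
    "CreateVpcPeeringConnection", "AcceptVpcPeeringConnection",
    "AssociateAddress", "DisassociateAddress",
    "CreateNatGateway", "DeleteNatGateway",
}

# Ports whose exposure to the whole internet should escalate the notification.
HIGH_RISK_PORTS = {22: "SSH", 3389: "RDP"}


def _is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0 (prefix length zero); False for anything else."""
    if not cidr:
        return False
    try:
        return ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def open_to_world_rules(event):
    """Return (port_label, cidr) pairs for ingress rules in one
    AuthorizeSecurityGroupIngress record that expose a high-risk port to everyone."""
    findings = []
    if event.get("eventName") != "AuthorizeSecurityGroupIngress":
        return findings
    params = event.get("requestParameters") or {}
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        if perm.get("ipProtocol") not in ("tcp", "-1"):   # "-1" means all protocols
            continue
        lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
        ranges = ((perm.get("ipRanges") or {}).get("items", [])
                  + (perm.get("ipv6Ranges") or {}).get("items", []))
        for rng in ranges:
            cidr = rng.get("cidrIp") or rng.get("cidrIpv6")
            if not _is_world_open(cidr):
                continue
            for port, label in HIGH_RISK_PORTS.items():
                if lo <= port <= hi:
                    findings.append((label, cidr))
    return findings


def classify(event):
    """'ignore' for non-network events, 'info' for a network change,
    'alert' when the change opens a high-risk port to the whole internet."""
    if event.get("eventSource") != "ec2.amazonaws.com":
        return "ignore"
    if event.get("eventName") not in NETWORK_CHANGE_EVENTS:
        return "ignore"
    return "alert" if open_to_world_rules(event) else "info"


def summarize(records):
    """Build notification payloads (level, action, actor, source IP, findings)
    for every record that represents a networking configuration change."""
    out = []
    for rec in records:
        level = classify(rec)
        if level == "ignore":
            continue
        ident = rec.get("userIdentity", {})
        out.append({"level": level, "event": rec["eventName"],
                    "actor": ident.get("arn", ident.get("type", "unknown")),
                    "sourceIp": rec.get("sourceIPAddress"),
                    "findings": open_to_world_rules(rec)})
    return out


def _sg_ingress(actor, src_ip, port, cidr):
    """Helper to construct a sample AuthorizeSecurityGroupIngress record."""
    return {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
            "userIdentity": {"type": "IAMUser", "arn": actor}, "sourceIPAddress": src_ip,
            "requestParameters": {"groupId": "sg-0123456789abcdef0",
                                  "ipPermissions": {"items": [{"ipProtocol": "tcp",
                                                               "fromPort": port, "toPort": port,
                                                               "ipRanges": {"items": [{"cidrIp": cidr}]}}]}}}


# Constructed sample records: one world-open SSH rule, one EIP change,
# one read-only call that should be ignored, and one internal-only HTTPS rule.
SAMPLE_RECORDS = [
    _sg_ingress("arn:aws:iam::111122223333:user/example-user", "203.0.113.10", 22, "0.0.0.0/0"),
    {"eventSource": "ec2.amazonaws.com", "eventName": "DisassociateAddress",
     "userIdentity": {"type": "AssumedRole"}, "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"associationId": "eipassoc-example"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeSecurityGroups",
     "userIdentity": {"type": "IAMUser"}, "sourceIPAddress": "198.51.100.7"},
    _sg_ingress("arn:aws:iam::111122223333:user/example-user", "203.0.113.10", 443, "10.0.0.0/8"),
]

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_RECORDS), indent=2))
```

In a real deployment the records would come from a CloudTrail delivery (for example an S3 object or an EventBridge rule) rather than an inline list, and the `summarize` output would feed whatever notification channel the rule is configured to use; the classification logic itself does not change.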