|   Trend Micro Cloud One™
Open menu

Monitoring Dashboard

Location

Dashboard > Select {Account} or {All Accounts} > Threat monitoring > Open monitoring dashboard

About Monitoring Dasbhoard

The Monitoring Dashboard provides an in-depth record of all events in an AWS account. Each event is categorised by time of the event, event details, identity of the user who performed the event, and the account on which the event occurred. You can also filter events on the basis of Cloud Conformity events, AWS events, regions, and services. Use this dashboard to monitor any unusual activity such as changes to security groups, increased permission levels for users, access to your AWS account from an unfamiliar country etc., and take remedial actions if necessary.

When reviewing RTM events, you may want to reconfigure a rule, resolve the failed check, or review details to identify or reduce security vulnerabilities. On expanding an event, you will be provided with the following options:

  1. Event / Check details - Information on events, checks, and their associated resource types and services
  2. Configure rule - adjust the behavior of rules to meet your organisation’s needs
  3. Resolve - take remediation steps to reduce security vulnerabilities

FAQs

I have activated RTM for my organisation, but some AWS events are not being picked by the activity bot.

  1. Ensure that you have installed the eventBus so that RTM can pickup events from every region.
  2. Check the list RTM supported events below.

Any AWS event missing from the list below is not supported by RTM, it’s monitored with your scheduled Conformity Bot run and will be sent for Auto-Remediation after being picked up in the scan.

S3 CreateBucket
DeleteBucket
DeleteBucketCORS
DeleteBucketLifecycle
DeleteBucketPolicy
DeleteBucketReplication
DeleteBucketTagging
DeleteBucketWebsite
PutAccelerateConfiguration
PutAccountPublicAccessBlock
PutAnalyticsConfiguration
PutBucketAccelerateConfiguration
PutBucketAcl
PutBucketCORS
PutBucketEncryption
PutBucketLifecycle
PutBucketLifecycleConfiguration
PutBucketLogging
PutBucketNotification
PutBucketNotificationConfiguration
PutBucketPolicy
PutBucketPublicAccessBlock
PutBucketReplication
PutBucketRequestPayment
PutBucketTagging
PutBucketVersioning
PutBucketWebsite
PutEncryptionConfiguration
PutInventoryConfiguration
PutLifecycleConfiguration
PutMetricsConfiguration
PutReplicationConfiguration
EC2 AcceptVpcEndpointConnections
AcceptVpcPeeringConnection
AllocateAddress
ApplySecurityGroupsToClientVpnTargetNetwork
AssociateAddress
AssociateRouteTable
AssociateSubnetCidrBlock
AssociateTransitGatewayRouteTable
AssociateVpcCidrBlock
AttachInternetGateway
AttachNetworkInterface
AuthorizeSecurityGroupEgress
AuthorizeSecurityGroupIngress
CreateCustomerGateway
CreateEgressOnlyInternetGateway
CreateInternetGateway
CreateLocalGatewayRouteTableVpcAssociation
CreateNatGateway
CreateNetworkAcl
CreateNetworkAclEntry
CreateNetworkInterface
CreateNetworkInterfacePermission
CreateRoute
CreateRouteTable
CreateSecurityGroup
CreateTransitGatewayRouteTable
CreateVolume
CreateVpc
CreateVpcEndpoint
CreateVpcEndpointConnectionNotification
CreateVpcEndpointServiceConfiguration
CreateVpcPeeringConnection
DeleteCustomerGateway
DeleteEgressOnlyInternetGateway
DeleteInternetGateway
DeleteLocalGatewayRouteTableVpcAssociation
DeleteNatGateway
DeleteNetworkAcl
DeleteNetworkAclEntry
DeleteNetworkInterface
DeleteNetworkInterfacePermission
DeleteRoute
DeleteRouteTable
DeleteSecurityGroup
DeleteTransitGatewayRoute
DeleteTransitGatewayRouteTable
DeleteVolumeDeleteVpcEndpointConnectionNotification
DeleteVpcEndpointServiceConfiguration
DeleteVpcEndpoints
DeleteVpcPeeringConnection
DetachInternetGateway
DetachNetworkInterface
DisableTransitGatewayRouteTablePropagation
DisassociateAddress
DisassociateRouteTable
DisassociateSubnetCidrBlock
DisassociateTransitGatewayRouteTable
DisassociateVpcCidrBlock
EnableTransitGatewayRouteTablePropagation
EnableVgwRoutePropagation
ModifyInstanceAttribute
ModifyNetworkInterfaceAttribute
ModifyVpcAttribute
ModifyVpcEndpoint
ModifyVpcEndpointConnectionNotification
ModifyVpcEndpointServiceConfiguration
ModifyVpcEndpointServicePermission
ModifyVpcPeeringConnectionOptions
RebootInstances
RejectVpcEndpointConnections
RejectVpcPeeringConnection
ReleaseAddress
ReplaceNetworkAclAssociation
ReplaceNetworkAclEntry
ReplaceRouteTableAssociation
ReplaceTransitGatewayRoute
ResetNetworkInterfaceAttribute
RevokeSecurityGroupEgress
RevokeSecurityGroupIngress
RunInstances
StartInstances
StopInstances
TerminateInstances
Elasticloadbalancing ConfigureHealthCheck
CreateLoadBalancer
DeleteLoadBalancer
EnableAvailabilityZonesForLoadBalancer
ModifyLoadBalancerAttributes
SetLoadBalancerListenerSSLCertificate
SetLoadBalancerPoliciesForBackendServer
SetLoadBalancerPoliciesOfListener
AutoScaling CreateAutoScalingGroup
CreateLaunchConfiguration
DeleteAutoScalingGroup
DeleteLaunchConfiguration
PutNotificationConfiguration
ResumeProcesses
SuspendProcesses
UpdateAutoScalingGroup
CloudFormation CreateStack
DeleteStack
UpdateStack
IAM AddUserToGroup
AttachGroupPolicy
AttachRolePolicy
AttachUserPolicy
ChangePassword
CreateAccessKey
CreateAccountAlias
CreateGroup
CreateLoginProfile
CreateOpenIDConnectProvider
CreatePolicy
CreatePolicyVersion
CreateRole
CreateSAMLProvider
CreateServiceLinkedRole
CreateServiceSpecificCredential
CreateUser
CreateVirtualMFADevice
DeactivateMFADevice
DeleteAccessKey
DeleteAccountAlias
DeleteAccountPasswordPolicy
DeleteGroup
DeleteGroupPolicy
DeleteLoginProfile
DeleteOpenIDConnectProvider
DeletePolicy
DeletePolicyVersion
DeleteRole
DeleteRolePermissionsBoundary
DeleteRolePolicy
DeleteSAMLProvider
DeleteSSHPublicKey
DeleteServerCertificate
DeleteServiceLinkedRole
DeleteServiceSpecificCredential
DeleteSigningCertificate
DeleteUser
DeleteUserPermissionsBoundary
DeleteUserPolicy
DeleteVirtualMFADevice
DetachGroupPolicy
DetachRolePolicy
DetachUserPolicy
EnableMFADevice
PutGroupPolicy
PutRolePermissionsBoundary
PutRolePolicy
PutUserPermissionsBoundary
PutUserPolicy
RemoveClientIDFromOpenIDConnectProvider
RemoveUserFromGroup
ResetServiceSpecificCredential
SetDefaultPolicyVersion
UpdateAccessKey
UpdateAccountPasswordPolicy
UpdateAssumeRolePolicy
UpdateGroup
UpdateLoginProfile
UpdateOpenIDConnectProviderThumbprint
UpdateRole
UpdateRoleDescription
UpdateSAMLProvider
UpdateSSHPublicKey
UpdateServerCertificate
UpdateServiceSpecificCredential
UpdateSigningCertificate
UpdateUser
UploadSSHPublicKey
UploadServerCertificate
UploadSigningCertificate
Dynamodb CreateTable
DeleteTable<brTagResource<brUntagResource<brUpdateTable
RDS CopyDBClusterSnapshot
CopyDBSnapshot
CreateDBCluster
CreateDBClusterSnapshot
CreateDBInstance
CreateDBSecurityGroup
CreateDBSnapshot
DeleteDBCluster
DeleteDBClusterSnapshot
DeleteDBInstance
DeleteDBSecurityGroup
DeleteDBSnapshot
ModifyDBCluster
ModifyDBInstance
RemoveTagsFromResource
RestoreDBClusterFromSnapshot
RestoreDBClusterToPointInTime
RestoreDBInstanceFromDBSnapshot
RestoreDBInstanceToPointInTime
Lambda CreateFunction20150331
DeleteFunction20150331
EnableReplication20170630
PublishVersion20150331
Cloudfront CreateInvalidation
Organizations AcceptHandshake
AttachPolicy
CancelHandshake
CreateAccount
CreateOrganization
CreateOrganizationalUnit
CreatePolicy
DeclineHandshake
DeleteOrganization
DeleteOrganizationalUnit
DeletePolicy
DetachPolicy
DisableAWSServiceAccess
DisablePolicyType
EnableAWSServiceAccess
EnableAllFeatures
EnablePolicyType
InviteAccountToOrganization
LeaveOrganization
MoveAccount
RemoveAccountFromOrganization
UpdateOrganizationalUnit
UpdatePolicy
Config DeleteAggregationAuthorization
DeleteConfigRule
DeleteConfigurationAggregator
DeleteConfigurationRecorder
DeleteDeliveryChannel
DeleteEvaluationResults
DeletePendingAggregationRequest
PutAggregationAuthorization
PutConfigRule
PutConfigurationAggregator
PutConfigurationRecorder
PutDeliveryChannel
StartConfigRulesEvaluation
StartConfigurationRecorder
StopConfigurationRecorder
GuardDuty AcceptInvitation
ArchiveFindings
CreateDetector
CreateIPSet
CreateMembers
CreateSampleFindings
CreateThreatIntelSet
DeclineInvitations
DeleteDetector
DeleteIPSet
DeleteInvitations
DeleteMembers
DeleteThreatIntelSet
DisassociateFromMasterAccount
DisassociateMembers
InviteMembers
StartMonitoringMembers
StopMonitoringMembers
UnarchiveFindings
UpdateDetector
UpdateFindingsFeedback
UpdateIPSet
UpdateThreatIntelSet
CloudTrail AddTags
CreateTrail
DeleteTrail
PutEventSelectors
RemoveTags
StartLogging
StopLogging
UpdateTrail
Route53domains DeleteTagsForDomain
DisableDomainAutoRenew
DisableDomainTransferLock
EnableDomainAutoRenew
EnableDomainTransferLock
RegisterDomain
RenewDomain
ResendContactReachabilityEmail
TransferDomain
UpdateDomainContact
UpdateDomainContactPrivacy
UpdateDomainNameservers
UpdateTagsForDomain
KMS CancelKeyDeletion
CreateAlias
CreateGrant
CreateKey
DeleteAlias
DeleteImportedKeyMaterial
DisableKey
DisableKeyRotation
EnableKey
EnableKeyRotation
GenerateRandom
ImportKeyMaterial
PutKeyPolicy
RetireGrant
RevokeGrant
ScheduleKeyDeletion
TagResource
UntagResource
UpdateAlias
UpdateKeyDescription
Route53 AssociateVPCWithHostedZone
ChangeResourceRecordSets
ChangeTagsForResource
CreateHealthCheck
CreateHostedZone
CreateQueryLoggingConfig
CreateReusableDelegationSet
CreateTrafficPolicy
CreateTrafficPolicyInstance
CreateTrafficPolicyVersion
CreateVPCAssociationAuthorization
DeleteHealthCheck
DeleteHostedZone
DeleteQueryLoggingConfig
DeleteReusableDelegationSet
DeleteTrafficPolicy
DeleteTrafficPolicyInstance
DeleteVPCAssociationAuthorization
DisassociateVPCFromHostedZone
UpdateHealthCheck
UpdateHostedZoneComment
UpdateTrafficPolicyComment
UpdateTrafficPolicyInstance
STS AssumeRole
AssumeRoleWithSAML
AssumeRoleWithWebIdentity