Monitor Cloud Conformity Configuration Changes

Security
Risk level: High (act today)

The Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected configuration changes made at the rule administrative level in your Cloud Conformity account.

In the past, Cloud Conformity users could configure notifications for rule failures, but there was no way to be notified of rule administrative actions such as enabling or disabling rules or configuring rule exceptions, until now. To follow security best practices and attain regulatory compliance within your organization, you have to be aware 24/7 of all configuration changes made at the administrative level of your conformity rules. The activity detected by this Cloud Conformity RTMA rule can be any account user request initiated through the Cloud Conformity console that triggers any of the administrative actions (events) listed below:

01 Enable or disable rule – Event triggered whenever the account admin user enables or disables a conformity rule.

02 Modify risk level – Whenever the user with account administrative privileges changes the risk level for a specific rule. There are four levels of risk: Low, Medium, High and Very High.

03 Configure rule exceptions – Whenever the Cloud Conformity user adds or removes exceptions such as AWS components and resources to audit.

04 Add configurations specific to certain rules – Whenever the user adds new configuration parameters to customize the conformity rule.

05 Suppress rule checks – Whenever the Cloud Conformity admin user turns off the rule checks under specific conditions.

06 Other configuration setting changes, including Access Settings changes, Budget Settings, Cost Fluctuation Settings, etc. – Whenever the admin user changes any administrative settings of the Cloud Conformity account.

For this particular conformity rule configuration, all the events listed above are enabled by default. However, the account administrator can enable or disable the types of events that they want to be notified about. The communication channels required for sending RTMA notifications for the Monitor Cloud Conformity Configuration Changes rule can be configured in the Cloud Conformity account. The supported communication channels that you can use to receive rule configuration change alerts are SMS, Email, Slack, PagerDuty, ServiceNow and Zendesk.

Remediation / Resolution

Visibility into your Cloud Conformity account activity is a key aspect of security, compliance and operational best practices. This rule was therefore designed to give you high-priority alert notifications whenever administrative configuration changes are performed inside your Cloud Conformity account.
Using Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) to detect configuration changes made at the rule administrative level will help you prevent accidental or intentional modifications that may lead to administrative compliance failure or even to security breaches. To keep your account secure and compliant, Cloud Conformity strongly recommends that you avoid, as far as possible, granting non-privileged users permission to change rule administrative configuration settings within your Cloud Conformity account.

Publication date Nov 11, 2017
