AWS CloudWatch
Overview
Critical
0High
0Medium
21Low
0Informational
0Security issues (21)
Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|---|---|
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | /aws/lambda/test-collector:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | /aws/lambda/test-responder:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | /aws/lambda/test-scanner:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-1 | /aws/lambda/test-scheduler:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /aws/codebuild/InlineSecureScanning:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /aws/eks/beautiful-outfit-1611727262/cluster:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /aws/lambda/HelloWorldFunction:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /aws/lambda/Sophos-Optix-flowlogs-fn:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /aws/transfer/s-4ab6146e87334a43a:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /ecs/console-sample-app-static:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-east-2 | /ecs/first-run-task-definition:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-1 | /aws/lambda/Sophos-Optix-flowlogs-fn:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-1 | /aws/lambda/test:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | /aws/lambda/Sophos-Optix-cloudtrail-fn:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | /aws/lambda/Sophos-Optix-flowlogs-fn:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | /aws/lambda/SophosOptixRegionalResourcesLambda:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | /aws/lambda/my-function:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | /aws/transfer/s-3d3e19784f014b1a9:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | aws-cloudtrail-logs-531239714189-58a7e086:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | aws-cloudtrail-logs-531239714189-f6d6a35f:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info | |
Medium | PCI DSS 3.5 HIPAA (Encryption) | us-west-2 | my-trail:* | Log data in the CloudWatch log group is not encrypted with a KMS customer-managed key. | For more control over the data-at-rest encryption, make sure the CloudWatch log group uses encryption with AWS KMS. | More info |
Log groups (21)
Region | Log group | Retention | Metric filters | Size | Security issues |
---|---|---|---|---|---|
us-east-1 | /aws/lambda/test-collector | Never expire | 0 | — | 1 Medium (details) |
us-east-1 | /aws/lambda/test-responder | Never expire | 0 | 16.56 KB | 1 Medium (details) |
us-east-1 | /aws/lambda/test-scanner | Never expire | 0 | — | 1 Medium (details) |
us-east-1 | /aws/lambda/test-scheduler | Never expire | 0 | — | 1 Medium (details) |
us-east-2 | /aws/codebuild/InlineSecureScanning | Never expire | 0 | 42.63 KB | 1 Medium (details) |
us-east-2 | /aws/eks/beautiful-outfit-1611727262/cluster | Never expire | 0 | 3.05 GB | 1 Medium (details) |
us-east-2 | /aws/lambda/HelloWorldFunction | Never expire | 1 | 1.75 KB | 1 Medium (details) |
us-east-2 | /aws/lambda/Sophos-Optix-flowlogs-fn | Never expire | 0 | 4.41 MB | 1 Medium (details) |
us-east-2 | /aws/transfer/s-4ab6146e87334a43a | Never expire | 0 | 43.17 KB | 1 Medium (details) |
us-east-2 | /ecs/console-sample-app-static | Never expire | 0 | 1.12 MB | 1 Medium (details) |
us-east-2 | /ecs/first-run-task-definition | Never expire | 0 | — | 1 Medium (details) |
us-west-1 | /aws/lambda/Sophos-Optix-flowlogs-fn | Never expire | 0 | 475.0 bytes | 1 Medium (details) |
us-west-1 | /aws/lambda/test | Never expire | 0 | 478.0 bytes | 1 Medium (details) |
us-west-2 | /aws/lambda/Sophos-Optix-cloudtrail-fn | Never expire | 0 | 119.51 MB | 1 Medium (details) |
us-west-2 | /aws/lambda/Sophos-Optix-flowlogs-fn | Never expire | 0 | 16.79 KB | 1 Medium (details) |
us-west-2 | /aws/lambda/SophosOptixRegionalResourcesLambda | Never expire | 0 | 13.25 KB | 1 Medium (details) |
us-west-2 | /aws/lambda/my-function | Never expire | 0 | 300.0 bytes | 1 Medium (details) |
us-west-2 | /aws/transfer/s-3d3e19784f014b1a9 | Never expire | 0 | 7.2 MB | 1 Medium (details) |
us-west-2 | aws-cloudtrail-logs-531239714189-58a7e086 | Never expire | 0 | 559.18 MB | 1 Medium (details) |
us-west-2 | aws-cloudtrail-logs-531239714189-f6d6a35f | Never expire | 0 | 31.65 KB | 1 Medium (details) |
us-west-2 | my-trail | Never expire | 2 | 1.99 GB | 1 Medium (details) |