VPC Use cases

Using an Amazon VPC (Virtual Private Cloud), you can logically isolate your AWS assets from the rest of AWS. You can even set up your own virtual networking in the cloud. It is important to carefully monitor what happens with your VPC, as it represents a critical part of your cloud infrastructure.

Create VPC

If a VPC is created, rule 81000 will apply and an alert will be generated as shown below:

Definition of rule 81000

<rule id="81000" level="2">
    <if_sid>80300</if_sid>
    <action>CreateVpc</action>
    <description>Amazon-vpc: Vpc Created</description>
    <group>amazon,pci_dss_10.6.1,</group>
</rule>

Kibana will show this alert

If a user without proper permissions attempts to create a VPC, rule 81001 will apply:

Definition of rule 81001

<rule id="81001" level="5">
    <if_sid>81000</if_sid>
    <match>"errorCode":"Client.UnauthorizedOperation"</match>
    <description>Amazon-Vpc: Vpc Created Unauthorized Operation</description>
    <group>amazon,pci_dss_10.6.1,</group>
</rule>

Kibana will show this alert
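
How the two rules chain can be checked against constructed CloudTrail-style events. The Python below is an added example, not Wazuh's own code: it assumes rule 80300 has already matched, that <action> is compared with the CloudTrail eventName, and that <match> is a literal substring test on the raw log line; evaluate, rule_matches and sample are hypothetical names.

```python
import json

# Simplified model of rules 81000 and 81001 (assumptions: <action> is compared
# with the CloudTrail eventName; <match> is a literal substring of the raw line).
RULES = [
    {"id": 81000, "level": 2, "if_sid": 80300, "action": "CreateVpc"},
    {"id": 81001, "level": 5, "if_sid": 81000,
     "match": '"errorCode":"Client.UnauthorizedOperation"'},
]


def rule_matches(rule, raw_line, event):
    """Check the <action> and <match> conditions of one rule."""
    if "action" in rule and event.get("eventName") != rule["action"]:
        return False
    if "match" in rule and rule["match"] not in raw_line:
        return False
    return True


def evaluate(raw_line, matched_sid=80300):
    """Walk the if_sid chain; return (id, level) of the deepest matching rule.

    matched_sid is the rule assumed to have fired already (80300, the parent
    named by rule 81000). Returns None when no child rule applies.
    """
    event = json.loads(raw_line)
    hit = None
    while True:
        child = next((r for r in RULES if r["if_sid"] == matched_sid
                      and rule_matches(r, raw_line, event)), None)
        if child is None:
            return hit
        hit, matched_sid = (child["id"], child["level"]), child["id"]


def sample(event_name, error_code=None, compact=True):
    """Build a constructed CloudTrail-style line (not a real log record)."""
    event = {"eventSource": "ec2.amazonaws.com", "eventName": event_name}
    if error_code:
        event["errorCode"] = error_code
    separators = (",", ":") if compact else (", ", ": ")
    return json.dumps(event, separators=separators)


if __name__ == "__main__":
    denied = "Client.UnauthorizedOperation"
    print(evaluate(sample("CreateVpc")))                         # rule 81000
    print(evaluate(sample("CreateVpc", denied)))                 # rule 81001
    print(evaluate(sample("DeleteVpc", denied)))                 # no VPC rule
    print(evaluate(sample("CreateVpc", denied, compact=False)))  # match misses
```

The last case shows that, under the literal-substring assumption, the 81001 pattern only fires when the log is serialized with no whitespace after the colon; otherwise the event stays at rule 81000, level 2.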