VPC Use cases
Using an Amazon VPC (Virtual Private Cloud), you can logically isolate some of your AWS assets from the rest of your cloud infrastructure; in effect, you set up your own networks in the cloud. Because changes to a VPC alter that isolation boundary, it is usually important to monitor them.
Create a VPC
If a VPC is created, rule 81000 will match and an alert will be generated as shown below:
Definition of rule 81000:

<rule id="81000" level="2">
  <if_sid>80300</if_sid>
  <action>CreateVpc</action>
  <description>Amazon-vpc: Vpc Created</description>
  <group>amazon,pci_dss_10.6.1,</group>
</rule>
Kibana will show this alert.
If a user without proper permissions attempts to create a VPC, rule 81001 will match, triggering an alert:
Definition of rule 81001:

<rule id="81001" level="5">
  <if_sid>81000</if_sid>
  <match>"errorCode":"Client.UnauthorizedOperation"</match>
  <description>Amazon-Vpc: Vpc Created Unauthorized Operation</description>
  <group>amazon,pci_dss_10.6.1,</group>
</rule>
Kibana will show this alert.
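The two rules above form a chain: 81001 only fires if 81000 already matched (its if_sid), and 81000 in turn depends on parent rule 80300. The script below is an added example, not part of this page or of the Wazuh ruleset, that replays that chain over a few constructed CloudTrail events so you can see which rule (and which alert level) each event ends up with. It assumes that 80300 is the parent rule matching any AWS CloudTrail event, that the event is serialised compactly so the `"errorCode":"Client.UnauthorizedOperation"` substring appears exactly as written in the rule, and that the action is read from the CloudTrail `eventName` field; the sample events and user names are constructed.

```python
import json
from typing import Optional

# Rule chain transcribed from the page. A child rule is considered only if
# the rule named in if_sid was the last one to match; <action> is compared
# to eventName and <match> is a substring test on the serialised event.
RULES = [
    {"id": 80300, "level": 0, "if_sid": None, "action": None, "match": None,
     "description": "Amazon parent rule (assumed: matches every CloudTrail event)"},
    {"id": 81000, "level": 2, "if_sid": 80300, "action": "CreateVpc", "match": None,
     "description": "Amazon-vpc: Vpc Created"},
    {"id": 81001, "level": 5, "if_sid": 81000, "action": None,
     "match": '"errorCode":"Client.UnauthorizedOperation"',
     "description": "Amazon-Vpc: Vpc Created Unauthorized Operation"},
]

# Constructed CloudTrail-style events: an authorised CreateVpc, a CreateVpc
# denied by IAM, and an unrelated read-only call.
SAMPLE_EVENTS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "CreateVpc",
     "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "example-admin"},
     "responseElements": {"vpc": {"vpcId": "vpc-0example"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "CreateVpc",
     "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "example-readonly"},
     "errorCode": "Client.UnauthorizedOperation",
     "errorMessage": "You are not authorized to perform this operation."},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeVpcs",
     "awsRegion": "us-east-1",
     "userIdentity": {"type": "IAMUser", "userName": "example-readonly"}},
]


def evaluate(event: dict) -> Optional[dict]:
    """Return the deepest matching rule for one event, or None.

    RULES is ordered parent-first, so walking it once and remembering the
    last match is enough to honour each if_sid dependency.
    """
    # Assumption: compact serialisation, so the <match> string from the
    # rule appears without a space after the colon.
    raw = json.dumps(event, separators=(",", ":"))
    action = event.get("eventName")
    matched = None
    for rule in RULES:
        if rule["if_sid"] is not None and (
            matched is None or matched["id"] != rule["if_sid"]
        ):
            continue  # parent did not match, so this child cannot
        if rule["action"] is not None and rule["action"] != action:
            continue
        if rule["match"] is not None and rule["match"] not in raw:
            continue
        matched = rule  # a more specific child overrides its parent
    return matched


def classify(events) -> list:
    """Map each event to (rule id, level) of the rule that won."""
    out = []
    for event in events:
        rule = evaluate(event)
        out.append((rule["id"], rule["level"]) if rule else (None, None))
    return out


if __name__ == "__main__":
    for event, (rule_id, level) in zip(SAMPLE_EVENTS, classify(SAMPLE_EVENTS)):
        user = event["userIdentity"]["userName"]
        print(f"{event['eventName']:<14} by {user:<17} -> rule {rule_id} (level {level})")
```

Running it shows the denied CreateVpc escalating from level 2 to level 5 through 81001, while an unauthorised call that is not a CreateVpc stays at the parent rule: the errorCode alone does not trigger 81001, because its if_sid requires 81000 to have matched first.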