**To create a metric filter and alarm**

1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/)

2. In the navigation pane, choose **Log groups**.

3. Select the check box for the CloudWatch Logs log group that is associated with the CloudTrail trail that you created.

4. From **Actions**, choose **Create Metric Filter**.

5. Under **Define pattern**, do the following:

   a. Copy the following pattern and then paste it into the **Filter Pattern** field.

   ```
   {($.eventName=CreateTrail) || ($.eventName=UpdateTrail) || ($.eventName=DeleteTrail) || ($.eventName=StartLogging) || ($.eventName=StopLogging)}
   ```

   b. Choose **Next**.

6. Under **Assign metric**, do the following:

   a. In **Filter name**, enter a name for your metric filter.

   b. For **Metric namespace**, enter `LogMetrics`.

      If you use the same namespace for all of your CIS log metric filters, then all CIS Benchmark metrics are grouped together.

   c. For **Metric name**, enter a name for the metric. Remember the name of the metric. You will need to select the metric when you create the alarm.

   d. For **Metric value**, enter `1`.

   e. Choose **Next**.

7. Under **Review and create**, verify the information that you provided for the new metric filter. Then choose **Create metric filter**.

8. Choose the **Metric filters** tab, then choose the metric filter that you just created.

   To choose the metric filter, select the check box at the upper right.

9. Choose **Create Alarm**.

10. Under **Specify metric and conditions**, do the following:

    a. Under **Metric**, leave the default values. For more information about the available statistics, see [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the _Amazon CloudWatch User Guide_.

    b. Under **Conditions**, for **Threshold**, choose **Static**.

    c. For **Define the alarm condition**, choose **Greater/Equal**.

    d. For **Define the threshold value**, enter `1`.

    e. Choose **Next**.

11. Under **Configure actions**, do the following:

    a. Under **Alarm state trigger**, choose **In alarm**.

    b. Under **Select an SNS topic**, choose **Select an existing SNS topic**.

    c. For **Send a notification to**, enter the name of the SNS topic that you created in the previous procedure.

    d. Choose **Next**.

12. Under **Add name and description**, enter a **Name** and **Description** for the alarm. For example, `CIS-3.5-CloudTrailChanges`. Then choose **Next**.

13. Under **Preview and create**, review the alarm configuration. Then choose **Create alarm**.
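
To check which CloudTrail events the filter pattern in the procedure above would count, the following added example (not part of the original procedure or of any AWS tooling) evaluates that pattern offline over constructed sample events. It handles only the OR-of-equality subset of the filter syntax used here; `parse_or_pattern`, `matches` and `metric_value` are hypothetical helper names.

```python
import json
import re

# Filter pattern copied verbatim from the procedure above.
PATTERN = ("{($.eventName=CreateTrail) || ($.eventName=UpdateTrail) || "
           "($.eventName=DeleteTrail) || ($.eventName=StartLogging) || "
           "($.eventName=StopLogging)}")
# One '($.field=value)' term; only this subset of the syntax is handled.
TERM = re.compile(r'\(\s*\$\.([\w.]+)\s*=\s*"?([^\s")]+)"?\s*\)')

def parse_or_pattern(pattern):
    """Parse '{($.a=x) || ($.b=y)}' into [(['a'], 'x'), (['b'], 'y')]."""
    body = pattern.strip()
    if not (body.startswith("{") and body.endswith("}")):
        raise ValueError("expected a JSON filter pattern in braces")
    terms = []
    for part in body[1:-1].split("||"):
        m = TERM.fullmatch(part.strip())
        if m is None:
            raise ValueError(f"unsupported term: {part.strip()!r}")
        terms.append((m.group(1).split("."), m.group(2)))
    return terms

def matches(terms, log_line):
    """True if the JSON log line satisfies any equality term (case-sensitive)."""
    try:
        event = json.loads(log_line)
    except json.JSONDecodeError:
        return False  # non-JSON lines are treated as no match
    for path, expected in terms:
        node = event
        for key in path:
            node = node.get(key) if isinstance(node, dict) else None
        if node == expected:
            return True
    return False

# Constructed sample events (not real CloudTrail output), trimmed to two fields.
SAMPLE_LOG_LINES = [
    '{"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging"}',
    '{"eventSource": "cloudtrail.amazonaws.com", "eventName": "DescribeTrails"}',
    '{"eventSource": "cloudtrail.amazonaws.com", "eventName": "UpdateTrail"}',
    '{"eventSource": "s3.amazonaws.com", "eventName": "PutObject"}',
]

def metric_value(lines, pattern=PATTERN):
    """Sum the metric value 1 per matching event, as set under Assign metric."""
    terms = parse_or_pattern(pattern)
    return sum(1 for line in lines if matches(terms, line))
```

With the **Greater/Equal** condition and a threshold of `1`, a sum of 1 or more for these lines corresponds to the alarm entering the **In alarm** state; read-only calls such as `DescribeTrails` do not contribute.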