github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudwatch/AVD-AWS-0152/Management_Console.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudwatch/AVD-AWS-0152/Management_Console.md (about)

     1  **To create a metric filter and alarm**
     2  
     3  1.  Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/)
     4      
     5  1.  In the navigation pane, choose **Log groups**.
     6      
     7  1.  Select the check box for the CloudWatch Logs log group that is associated with the CloudTrail trail that you created.
     8      
     9  1.  From **Actions**, choose **Create Metric Filter**.
    10      
    11  1.  Under **Define pattern**, do the following:
    12      
    13      a.  Copy the following pattern and then paste it into the **Filter Pattern** field.
    14          
    15          {($.eventName=ConsoleLogin) && ($.errorMessage="Failed authentication")}
    16          
    17      b.  Choose **Next**.
    18          
    19  2.  Under **Assign metric**, do the following:
    20      
    21      a.  In **Filter name**, enter a name for your metric filter.
    22          
    23      b.  For **Metric namespace**, enter `LogMetrics`.
    24          
    25         If you use the same namespace for all of your CIS log metric filters, then all CIS Benchmark metrics are grouped together.
    26          
    27      c.  For **Metric name**, enter a name for the metric. Remember the name of the metric. You will need to select the metric when you create the alarm.
    28          
    29      d.  For **Metric value**, enter `1`.
    30          
    31      e.  Choose **Next**.
    32          
    33  3.  Under **Review and create**, verify the information that you provided for the new metric filter. Then choose **Create metric filter**.
    34      
    35  4.  Choose the **Metric filters** tab, then choose the metric filter that you just created.
    36      
    37      To choose the metric filter, select the check box at the upper right.
    38      
    39  5.  Choose **Create Alarm**.
    40      
    41  6.  Under **Specify metric and conditions**, do the following:
    42      
    43      a.  Under **Metric**, leave the default values. For more information about the available statistics, see [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the _Amazon CloudWatch User Guide_.
    44          
    45      b.  Under **Conditions**, for **Threshold**, choose **Static**.
    46          
    47      c.  For **Define the alarm condition**, choose **Greater/Equal**.
    48          
    49      d.  For **Define the threshold value**, enter `1`.
    50          
    51      e.  Choose **Next**.
    52          
    53  7.  Under **Configure actions**, do the following:
    54      
    55      a.  Under **Alarm state trigger**, choose **In alarm**.
    56          
    57      b.  Under **Select an SNS topic**, choose **Select an existing SNS topic**.
    58          
    59      c.  For **Send a notification to**, enter the name of the SNS topic that you created in the previous procedure.
    60          
    61      d.  Choose **Next**.
    62          
    63  8.  Under **Add name and description**, enter a **Name** and **Description** for the alarm. For example, `CIS-3.6-ConsoleAuthenticationFailure`. Then choose **Next**.
    64      
    65  9.  Under **Preview and create**, review the alarm configuration. Then choose **Create alarm**.