github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudwatch/AVD-AWS-0153/Management_Console.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/cloudwatch/AVD-AWS-0153/Management_Console.md (about)

     1  **To create a metric filter and alarm**
     2  
     3  1.  Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/)
     4      
     5  
     6  1.   .
     7      
     8  1.   In the navigation pane, choose **Log groups**.
     9      
    10  1.   Select the check box for the CloudWatch Logs log group that is associated with the CloudTrail trail that you created.
    11      
    12  1.   From **Actions**, choose **Create Metric Filter**.
    13      
    14  1.   Under **Define pattern**, do the following:
    15      
    16       a.  Copy the following pattern and then paste it into the **Filter Pattern** field.
    17          
    18           {($.eventSource=kms.amazonaws.com) && (($.eventName=DisableKey) || ($.eventName=ScheduleKeyDeletion))}
    19          
    20       b.  Choose **Next**.
    21          
    22  2.   Under **Assign metric**, do the following:
    23      
    24          a.  In **Filter name**, enter a name for your metric filter.
    25          
    26          b.  For **Metric namespace**, enter `LogMetrics`.
    27          
    28          If you use the same namespace for all of your CIS log metric filters, then all CIS Benchmark metrics are grouped together.
    29          
    30          c.  For **Metric name**, enter a name for the metric. Remember the name of the metric. You will need to select the metric when you create the alarm.
    31          
    32          d.  For **Metric value**, enter `1`.
    33          
    34          e.  Choose **Next**.
    35          
    36  3.   Under **Review and create**, verify the information that you provided for the new metric filter. Then choose **Create metric filter**.
    37      
    38  4.   Choose the **Metric filters** tab, then choose the metric filter that you just created.
    39      
    40          To choose the metric filter, select the check box at the upper right.
    41      
    42  5.   Choose **Create Alarm**.
    43      
    44  6.   Under **Specify metric and conditions**, do the following:
    45      
    46          a.  Under **Metric**, leave the default values. For more information about the available statistics, see [Statistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Statistic) in the _Amazon CloudWatch User Guide_.
    47          
    48          b.  Under **Conditions**, for **Threshold**, choose **Static**.
    49          
    50          c.  For **Define the alarm condition**, choose **Greater/Equal**.
    51          
    52          d.  For **Define the threshold value**, enter `1`.
    53          
    54          e.  Choose **Next**.
    55          
    56  7.   Under **Configure actions**, do the following:
    57      
    58          a.  Under **Alarm state trigger**, choose **In alarm**.
    59          
    60          b.  Under **Select an SNS topic**, choose **Select an existing SNS topic**.
    61          
    62          c.  For **Send a notification to**, enter the name of the SNS topic that you created in the previous procedure.
    63          
    64          d.  Choose **Next**.
    65          
    66  8.   Under **Add name and description**, enter a **Name** and **Description** for the alarm. For example, `CIS-3.7-DisableOrDeleteCMK`. Then choose **Next**.
    67      
    68  9.   Under **Preview and create**, review the alarm configuration. Then choose **Create alarm**.