R-051-001 API event logs 2023_001
- Governed by
GP-051 Security violations - Comes from template
T-051-001 API event logs
Purpose
Review API events logs looking for suspicious actions
Periodicity
Every 2 weeks
AWS CloudTrail review
| Responsible | Date | Event history review | Insights review |
|---|---|---|---|
| Gerardo Fernández Moreno | 2023/01/10 | OK | OK |
| Alejandro Carmena Magro | 2023/10/02 | OK | OK |
| Alejandro Carmena Magro | 2023/10/16 | OK | OK |
| Alejandro Carmena Magro | 2023/10/30 | OK | OK |
| Alejandro Carmena Magro | 2023/11/13 | OK | OK |
| Alejandro Carmena Magro | 2023/11/27 | OK | OK |
| Alejandro Carmena Magro | 2023/12/11 | OK | OK |
| Alejandro Carmena Magro | 2023/12/22 | OK | OK |
| Alejandro Carmena Magro | 2024/01/08 | OK | OK |
| Alejandro Carmena Magro | 2024/01/22 | OK | OK |
| Alejandro Carmena Magro | 2024/02/05 | OK | OK |
| Alejandro Carmena Magro | 2024/02/19 | OK | OK |
Help
At the review columns it will be indicated if the review was satisfactory (OK) or if any unexpected action was detected (see below). In this case the reference of the incidence (according to procedure GP-018 Infrastructure and facilities) or non-conformity (GP-006 Non-conformity. Corrective and Preventive actions) was included to allow traceability of the actions.
Criteria for acceptance
The logs are reviewed and no suspicious actions are detected:
- Each user is connecting from the expected IP.
- Users are performing the expected actions.
List of unexpected actions:
- Changing other user's credentials.
- Creating new users with administrator permissions.
- Accessing resources that are not part of the project.
- Deleting critical resources as buckets, databases or EC2 instances.
Record signature meaning
- Author: JD-017 Alejandro Carmena
- Review: JD-004 María Diez
- Approval: JD-001 Andy Aguilar