Only PCI control 10.6.1 matches with CloudTrail events


Carlos Lopez

May 25, 2021, 10:41:02 AM5/25/21
to wa...@googlegroups.com
Hi all,

I have configured our Wazuh manager to retrieve all events related to CloudTrail logs stored in an S3 bucket.

When I try to visualize the PCI compliance level, only one control is mapped: 10.6.1.

Does anyone know why? CloudTrail stores many more PCI-related events such as failed logins, successful logins, etc.

Best regards,
C. L. Martinez
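To see which PCI DSS controls the CloudTrail alerts actually carry, one can scan the manager's alerts.json for the rule.pci_dss field: the Wazuh compliance dashboards are built from that field of each alert, so a rule that fires without it (or with only 10.6.1) contributes nothing else to the view. The following is an added example, not code from this thread or from the Wazuh project; the alert lines, rule ids and descriptions are constructed, and the assumption that AWS alerts are recognisable by the "amazon"/"aws" rule groups is made for illustration.

```python
import json
from collections import Counter

# Constructed Wazuh alerts.json (NDJSON) lines. Rule ids, descriptions and
# event names are made up for illustration, not taken from the Wazuh ruleset.
SAMPLE_ALERTS = """\
{"rule":{"id":"900001","description":"AWS CloudTrail: console login failed","groups":["amazon","aws","aws_cloudtrail"],"pci_dss":["10.6.1"]},"data":{"aws":{"eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Failure"}}}}
{"rule":{"id":"900002","description":"AWS CloudTrail: console login succeeded","groups":["amazon","aws","aws_cloudtrail"],"pci_dss":["10.6.1"]},"data":{"aws":{"eventName":"ConsoleLogin","responseElements":{"ConsoleLogin":"Success"}}}}
{"rule":{"id":"900003","description":"AWS CloudTrail: IAM user created","groups":["amazon","aws","aws_cloudtrail"]},"data":{"aws":{"eventName":"CreateUser"}}}
{"rule":{"id":"900004","description":"AWS CloudTrail: security group changed","groups":["amazon","aws","aws_cloudtrail"],"pci_dss":[]},"data":{"aws":{"eventName":"AuthorizeSecurityGroupIngress"}}}
{"rule":{"id":"900005","description":"sshd: authentication failed","groups":["syslog","sshd","authentication_failed"],"pci_dss":["10.2.4","10.2.5"]},"data":{"srcip":"203.0.113.7"}}
"""


def pci_coverage(ndjson, groups=("amazon", "aws")):
    """Summarise PCI DSS tagging of alerts whose rule belongs to one of `groups`.

    Returns (control_counts, untagged):
      control_counts: Counter mapping PCI DSS control -> number of alerts carrying it
      untagged: {rule_id: (description, sorted CloudTrail eventNames)} for rules
                that fired but carry no pci_dss tag, i.e. invisible to the dashboard
    """
    control_counts = Counter()
    untagged = {}
    for line in ndjson.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        rule = alert["rule"]
        if not set(rule.get("groups", [])) & set(groups):
            continue  # not an AWS/CloudTrail alert; ignore for this check
        tags = rule.get("pci_dss") or []  # missing key and [] are both "untagged"
        control_counts.update(tags)
        if not tags:
            event = alert.get("data", {}).get("aws", {}).get("eventName", "?")
            desc, events = untagged.setdefault(rule["id"], (rule["description"], set()))
            events.add(event)
    return control_counts, {rid: (d, sorted(e)) for rid, (d, e) in untagged.items()}


if __name__ == "__main__":
    counts, untagged = pci_coverage(SAMPLE_ALERTS)
    print("PCI DSS controls seen on AWS alerts:", dict(counts))
    for rid, (desc, events) in untagged.items():
        print(f"rule {rid} ({desc}) fired on {events} but carries no pci_dss tag")
```

On a real manager, feed it the contents of /var/ossec/logs/alerts/alerts.json; the rules it lists as untagged are the ones to extend with the relevant pci_dss groups before the dashboard can show more than 10.6.1.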

Rafael Antonio Rodriguez Otero

May 25, 2021, 8:59:33 PM5/25/21
to Carlos Lopez, wa...@googlegroups.com
Hello. PCI DSS compliance depends on many things, and many of those things must be analyzed to gain good compliance. Wazuh really makes a great effort so that the logs or alerts are consistent with the PCI standard, but it is not always perfect; besides that, it all depends on the asset use cases that go with the client's type of business. But hey, basically if you have many authentication failures, it is possible that someone or something is exploiting this access; try to validate the source IP addresses that make these attempts, to check whether they are known to you or belong to some stranger. Besides that, it is important to consider configuring the SIEM with a security profile; for that you can use an ethical hacking auditor or a pen test. The idea is to create a security framework for the asset: how it behaves when certain attacks are made and how to detect them. As far as compliance is concerned, you should get someone who knows the standard to determine which logs or records that go hand in hand with the services you offer are important to you. These considerations must be configured in the SIEM to trigger better compliance.


Carlos Lopez

May 27, 2021, 2:13:28 AM5/27/21
to wa...@googlegroups.com

No news?

Best regards,
C. L. Martinez

> On 25 May 2021, at 16:40, Carlos Lopez <clo...@outlook.com> wrote:
>
> Hi all,
>
> I have configured our Wazuh manager to retrieve all events related to CloudTrail logs stored in an S3 bucket.
>
> When I try to visualize the PCI compliance level, only one control is mapped: 10.6.1.
>
> Does anyone know why? CloudTrail stores many more PCI-related events such as failed logins, successful logins, etc.
>
> Best regards,
> C. L. Martinez