Best practice rules for Alibaba Cloud SLS
- Check for Sufficient Log Retention Period
Ensure that the SLS Logstore log retention period is set to 365 days or greater.
- Config Assessment Authorization
Ensure that Config Assessment is authorized to access other cloud resources.
- Create Alert for Account Login Failures
Ensure that account login failures are being monitored using alerts.
- Create Alert for Cloud Firewall Control Policy Changes
Ensure that Cloud Firewall control policy changes are being monitored using alerts.
- Create Alert for KMS Key Configuration Changes
Ensure that KMS key configuration changes are being monitored using alerts.
- Create Alert for OSS Bucket Authority Changes
Ensure that OSS bucket authority changes are being monitored using alerts.
- Create Alert for OSS Bucket Permission Changes
Ensure that OSS bucket permission changes are being monitored using alerts.
- Create Alert for RAM Policy Changes
Ensure that RAM policy changes are being monitored using alerts.
- Create Alert for RDS Instance Configuration Changes
Ensure that RDS instance configuration changes are being monitored using alerts.
- Create Alert for Root Account Frequent Logins
Ensure that root account login attempts are being monitored using alerts.
- Create Alert for Security Group Configuration Changes
Ensure that security group configuration changes are being monitored using alerts.
- Create Alert for Single-Factor Management Console Logins
Ensure that single-factor Management Console logins are being monitored using alerts.
- Create Alert for Unauthorized API Calls
Ensure that unauthorized API calls are being monitored using alerts.
- Create Alert for VPC Configuration Changes
Ensure that VPC configuration changes are being monitored using alerts.
- Create Alert for VPC Network Route Changes
Ensure that VPC network route changes are being monitored using alerts.
- Enable Asset Fingerprints Data Collection
Ensure that automatic collection of server fingerprints is enabled in the Security Center settings.
- Enable Audit Logs for Multiple Cloud Services
Ensure that audit logging is enabled for multiple cloud services using the Log Audit Service.
- Enable Cluster Integration with Simple Log Service
Ensure that ACK cluster integration with Simple Log Service is enabled.
- Enable Log Analysis for Anti-DDoS Instances
Ensure that Log Analysis is enabled for the Anti-DDoS instances.
- Enable Log Analysis for Cloud Firewall
Ensure that security log analysis is enabled for the Cloud Firewall service.
- Enable Log Analysis in Security Center
Ensure that Log Analysis is enabled within the Security Center settings.
- Enable Malicious Behavior Defense
Ensure that Malicious Behavior Defense is enabled within your Alibaba Cloud account.
- Enable Simple Log Service for Web Application Firewall
Ensure that Simple Log Service is enabled for Web Application Firewall (WAF).
- Enable Webshell Protection
Ensure that Webshell Protection is enabled within your Alibaba Cloud account.
- Flow Log Enabled and Configured
Ensure that the Flow Log feature is enabled and properly configured.