Alibaba Cloud Simple Log Service (SLS) Best Practices

Best practice rules for Alibaba Cloud SLS

• Check for Sufficient Log Retention Period

  Ensure that the SLS Logstore log retention period is set for 365 days or greater.

• Config Assessment Authorization

  Ensure that Config Assessment is authorized to access other cloud resources.

• Create Alert for Account Login Failures

  Ensure that account login failures are being monitored using alerts.

• Create Alert for Cloud Firewall Control Policy Changes

  Ensure that Cloud Firewall control policy changes are being monitored using alerts.

• Create Alert for KMS Key Configuration Changes

  Ensure that KMS key configuration changes are being monitored using alerts.

• Create Alert for OSS Bucket Authority Changes

  Ensure that OSS bucket authority changes are being monitored using alerts.

• Create Alert for OSS Bucket Permission Changes

  Ensure that OSS bucket permission changes are being monitored using alerts.

• Create Alert for RAM Policy Changes

  Ensure that RAM policy changes are being monitored using alerts.

• Create Alert for RDS Instance Configuration Changes

  Ensure that RDS instance configuration changes are being monitored using alerts.

• Create Alert for Root Account Frequent Logins

  Ensure that root account login attempts are being monitored using alerts.

• Create Alert for Security Group Configuration Changes

  Ensure that security group configuration changes are being monitored using alerts.

• Create Alert for Single-Factor Management Console Logins

  Ensure that single-factor Management Console logins are being monitored using alerts.

• Create Alert for Unauthorized API Calls

  Ensure that unauthorized API calls are being monitored using alerts.

• Create Alert for VPC Configuration Changes

  Ensure that VPC configuration changes are being monitored using alerts.

• Create Alert for VPC Network Route Changes

  Ensure that VPC network route changes are being monitored using alerts.

• Enable Asset Fingerprints Data Collection

  Ensure that automatic collection of server fingerprints is enabled in the Security Center settings.

• Enable Audit Logs for Multiple Cloud Services

  Ensure that audit logging is enabled for multiple cloud services using the Log Audit Service.

• Enable Cluster Integration with Simple Log Service

  Ensure that ACK cluster integration with Simple Log Service is enabled.

• Enable Log Analysis for Anti-DDoS Instances

  Ensure that Log Analysis is enabled for the Anti-DDoS instances.

• Enable Log Analysis for Cloud Firewall

  Ensure that security log analysis is enabled for the Cloud Firewall service.

• Enable Log Analysis in Security Center

  Ensure that Log Analysis is enabled within the Security Center settings.

• Enable Malicious Behavior Defense

  Ensure that Malicious Behavior Defense is enabled within your Alibaba Cloud account.

• Enable Simple Log Service for Web Application Firewall

  Ensure that Simple Log Service is enabled for Web Application Firewall (WAF).

• Enable Webshell Protection

  Ensure that Webshell Protection is enabled within your Alibaba Cloud account.

• Flow Log Enabled and Configured

  Ensure that the Flow Log feature is enabled and properly configured.