Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Monitor Cloud Conformity Configuration Changes

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: High (act today)

Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected configuration changes made at the rule administrative level, in your Cloud Conformity account.
In the past Cloud Conformity users had the ability to configure notifications for rule failures but there was no way for users to be notified for any rule administrative actions such as enabling/disabling rules or configuring rule exceptions - until now. In order to follow security best practices and attain regulatory compliance within your organization, you have to be aware 24/7 of all configuration changes made at the administrative level of your conformity rules. The activity detected by this Cloud Conformity RTMA rule can be any account user request initiated through Cloud Conformity console that triggers any of the administrative actions (events) listed below:

  • Enable or disable rule – Event triggered whenever the account admin user enables or disables a conformity rule.
  • Modify risk level – Whenever the user with account administrative privileges changes the risk level for a specific rule. There are four levels of risk: Low, Medium, High and Very High.
  • Configure rule exceptions – Whenever the Cloud Conformity user adds or removes exceptions such as AWS components and resources to audit.
  • Add configurations specific to certain rules - Whenever the user adds new configuration parameters to customize the conformity rule.
  • Suppress rule checks – Whenever the Cloud Conformity admin user turns off the rule checks under specific conditions.
  • Other configuration setting changes including Access Settings changes, Budget Settings, Cost Fluctuation Settings, etc – Whenever the admin user changes any administrative settings of the Cloud Conformity account.

For this particular conformity rule configuration, all the events listed above are enabled by default. However, the account administrator has the ability to enable or disable the type of events that they are interested to get notified about. The communication channels required for sending RTMA notifications for the Monitor Cloud Conformity Configuration Changes rule can be configured in the Cloud Conformity account. The list of supported communication channels that you can use to receive rule configuration change alerts are SMS, Email, Slack, PagerDuty, ServiceNow and Zendesk.
Security

The visibility into your Cloud Conformity account activity is a key aspect of security, compliance and operational best practices, therefore this rule was designed to give you high-priority alert notifications whenever administrative configuration changes are performed inside your Cloud Conformity account.

Using Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) to detect configuration changes made at the rule administrative level, will help you prevent any accidental or intentional modifications that may lead to administrative compliance failure or even to security breaches. In order to maintain your account secure and compliant, Cloud Conformity strongly recommends that you avoid as much as possible to provide your non-privileged users the permission to change rule administrative configuration settings within your Cloud Conformity account.

References

Publication date Nov 11, 2017

Related Cloud Conformity rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Monitor Cloud Conformity Configuration Changes

Risk Level: High