Attributes of Log Data

Supporting PCI Requirement 10.3 in AWS
PCI Requirement 10.3 requires that your audit trail entries capture the following six attributes of each event: 

  1. User identification 
  2. Type of event 
  3. Date and time 
  4. Success or failure indication
  5. Origination of event
  6. Identity of the affected data, system, or resources 

To capture all of these attributes, AWS recommends using three services to support proper logging and monitoring: AWS CloudTrail, Amazon CloudWatch, and AWS Config. By using these services, you will gather the appropriate content and history needed to comply with PCI Requirement 10.3.

Transcription 
There are six sub-requirements in PCI Requirement 10 and they are all related to the attributes inside the logging data that you would get in their system. What are they? User identification (who it is), type of event, date and time stamps, success or failure of the event (was the log in successful or not?), where it came from (the source of the generated event), and the identity of the system that is affected. 

So, basically, it’s the “who, what, when, where, and why.” All of these elements are captured in the attributes of the logs. Enabling CloudTrail and the rules inside the AWS Management Console can deliver all of that information to an S3 bucket. If you secure the S3 bucket, then you are good to go for PCI Requirement 10.3. Any questions? Give us a call at KirkpatrickPrice. We make sure.

Related Videos

Audit Trail Review with Kibana, Athena, and GuardDuty
Audit Your Security Groups for Insecure Ports and Protocols
Change-Detection Solutions in AWS
CloudTrail and CloudWatch Integration
Enabling AWS Config in All Regions
Enabling CloudTrail Log File Validation
Enabling CloudTrail in All Regions
Ensure ALBs Have WAF ACLs Attached
Ensure RDS Instances are Only Accessible by Internal IPs
Ensuring Role Assumption is Logged
Filters and Alarms in CloudWatch
GuardDuty Alerts for Control Failures
How to Edit Inbound Traffic Rules for Default Security Groups
Identify Unrestricted Access to Ports for Security Groups
Identify if EC2 Instances Are Directly Connected to the Internet
Logging Tools in AWS
Logging Web ACL Data in Amazon Kinesis
Monitor Network Traffic with VPC Flow Logs
Protecting API Gateways with WAF Rules
Restrict Access to CloudTrail Logs in S3 Buckets
Restrict Security Group Access to All Ports
Retaining Your Audit Trail in AWS
Routing Outbound Traffic Through NAT Gateways
Securing Your Log Files
Using Amazon Time Sync Service
Using a Bastion Host or Session Manager to Limit Access to Port 22