Drata

Many ask for best practices when it comes to monitoring logs. Here are a few things to be aware of: 

Use a system that collects and stores server logs in a central location. The system can be queried in an ad hoc fashion by authorized users.

Utilize logging software that retains logs for at least 12 months.

When speaking with your audit firm, you can also confirm this is something they test for.

Here's a specific request one of our audit firm partners tests for against AWS:

Inspected AWS CloudWatch logs to determine that CloudWatch was configured to monitor web traffic and suspicious activity.

It's also important to have intrusion detection systems like AWS Guard Duty running, which will be looking at the logs and will sending warnings for any issues found.

Best practice security controls for logging

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you