diff --git a/rules/S6258/ask-yourself.adoc b/rules/S6258/ask-yourself.adoc index 43b852ff98..3dd1536378 100644 --- a/rules/S6258/ask-yourself.adoc +++ b/rules/S6258/ask-yourself.adoc @@ -1,6 +1,7 @@ == Ask Yourself Whether -* The infrastructure requires security monitoring, to comply to some regulations or not. -* There is a need to understand what objects are requested by S3 customers. +* This component is essential for the information system infrastructure. +* This component is essential for mission-critical functions. +* Compliance policies require this component to be monitored. There is a risk if you answered yes to any of those questions. diff --git a/rules/S6258/cloudformation/rule.adoc b/rules/S6258/cloudformation/rule.adoc index e381dca374..fff91a56bb 100644 --- a/rules/S6258/cloudformation/rule.adoc +++ b/rules/S6258/cloudformation/rule.adoc @@ -6,7 +6,7 @@ include::../recommended.adoc[] == Sensitive Code Example -S3 server access logging is disabled: +For https://aws.amazon.com/s3/[Amazon S3 access requests]: ---- AWSTemplateFormatVersion: 2010-09-09 @@ -19,7 +19,7 @@ Resources: == Compliant Solution -S3 server access logging is enabled: +For https://aws.amazon.com/s3/[Amazon S3 access requests]: ---- AWSTemplateFormatVersion: 2010-09-09 diff --git a/rules/S6258/description.adoc b/rules/S6258/description.adoc index ac5b1cec33..ce2733d5d4 100644 --- a/rules/S6258/description.adoc +++ b/rules/S6258/description.adoc 
@@ -1,3 +1,5 @@ -Server access logging records the requests that are made to S3 buckets and this allow to track who is doing what on S3 buckets. +Disabling logging of this component can lead to missing traceability in case of a security incident. -When server access logging is deactivated, infrastructure administrators are blind and can't answer to any regulatory requests. +Logging allows operational and security teams to get detailed and real-time feedback on an information system's events. The logging coverage enables them to quickly react to events, ranging from the most benign bugs to the most impactful security incidents, such as intrusions. + +Apart from security detection, logging capabilities also directly influence future digital forensic analyses. For example, detailed logging will allow investigators to establish a timeline of the actions perpetrated by an attacker. diff --git a/rules/S6258/message.adoc b/rules/S6258/message.adoc index 2ccc1f96e4..1f43ef6bc6 100644 --- a/rules/S6258/message.adoc +++ b/rules/S6258/message.adoc @@ -1,4 +1,3 @@ === Message -Make sure disabling S3 server access logs is safe here. - +Make sure that disabling logging is safe here. diff --git a/rules/S6258/metadata.json b/rules/S6258/metadata.json index 85c70ce4a1..a0a423abf7 100644 --- a/rules/S6258/metadata.json +++ b/rules/S6258/metadata.json @@ -1,5 +1,5 @@ { - "title": " Disabling S3 server access logging is security sensitive ", + "title": "Disabling logging is security sensitive", "type": "SECURITY_HOTSPOT", "status": "ready", "remediation": { diff --git a/rules/S6258/recommended.adoc b/rules/S6258/recommended.adoc index 5022e8951b..410f3ad1a1 100644 --- a/rules/S6258/recommended.adoc +++ b/rules/S6258/recommended.adoc @@ -1,3 +1,3 @@ == Recommended Secure Coding Practices -It's recommended to enable S3 server access logs. +Enable the logging capabilities of this component. 
diff --git a/rules/S6258/terraform/rule.adoc b/rules/S6258/terraform/rule.adoc index 5941a573e9..fe47777d59 100644 --- a/rules/S6258/terraform/rule.adoc +++ b/rules/S6258/terraform/rule.adoc @@ -6,7 +6,7 @@ include::../recommended.adoc[] == Sensitive Code Example -S3 server access logging is disabled: +For https://aws.amazon.com/s3/[Amazon S3 access requests]: ---- resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive @@ -16,7 +16,7 @@ resource "aws_s3_bucket" "mynoncompliantbucket" { # Sensitive == Compliant Solution -S3 server access logging is enabled: +For https://aws.amazon.com/s3/[Amazon S3 access requests]: ---- resource "aws_s3_bucket" "myloggingbucket" {
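Review bot: in the ask-yourself.adoc hunk, the first two new questions ("This component is essential for the information system infrastructure." and "This component is essential for mission-critical functions.") overlap almost completely and will be answered identically; consider merging them into one question. Since the only examples in this rule (cloudformation and terraform) are still S3 buckets, "this component" also needs to be tied back to the resource being analyzed, either here or in the per-language rule files.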
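Review bot: in the cloudformation/rule.adoc hunks, the Sensitive Code Example and the Compliant Solution now open with the identical line "For https://aws.amazon.com/s3/[Amazon S3 access requests]:", so the text no longer states what differs between the two templates; the removed lines "S3 server access logging is disabled:" and "S3 server access logging is enabled:" carried exactly that information. Suggest keeping it next to the link, e.g. "For Amazon S3 access requests, server access logging is disabled:" and "... is enabled:". The link also points at the general S3 product page rather than the server access logging documentation, which is the feature the templates configure.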
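Review bot: in the description.adoc hunk, the rewritten text speaks only of "this component", while the rule's examples are S3 buckets, so the description should name the component or the per-language files should introduce it. The removed first sentence also said what is actually lost ("records the requests that are made to S3 buckets"); the new opening "can lead to missing traceability" would be more concrete if it kept that detail. Minor wording: "actions perpetrated by an attacker" reads awkwardly, "actions taken by an attacker" is plainer.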
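Review bot: the message.adoc hunk drops the component from the issue message ("Make sure that disabling logging is safe here."), so a developer reading the issue no longer learns which logging is meant. If the rule is being shared across several components, consider having the implementation substitute the component name into the message; otherwise keep "S3 server access logs" in it.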
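Review bot: in the metadata.json hunk, removing the stray leading and trailing spaces from "title" is a good fix; with the title now generic ("Disabling logging is security sensitive"), confirm that the S3-specific lead-ins still present in the cloudformation and terraform rule files are intended and not leftovers of the old S3-only wording.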
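Review bot: "Enable the logging capabilities of this component." in the recommended.adoc hunk is too vague to act on for the S3 case the examples cover; add the concrete setting, e.g. "For Amazon S3 buckets, enable server access logging.", so the recommendation matches the compliant solutions shown.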
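Review bot: the terraform/rule.adoc hunks have the same problem as the CloudFormation ones: both sections now lead with the identical "For https://aws.amazon.com/s3/[Amazon S3 access requests]:" line, and only the `# Sensitive` marker on `resource "aws_s3_bucket" "mynoncompliantbucket"` tells the reader which example is which. Keep the "server access logging is disabled" / "is enabled" wording alongside the link.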